CVE-2017-2662

Summary

CVE	CVE-2017-2662
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2018-08-22 16:29:00 UTC
Updated	2023-02-12 23:29:00 UTC
Description	A flaw was found in Foreman's katello plugin version 3.4.5. After setting a new role to allow restricted access on a repository with a filter (filter set on the Product Name), the filter is not respected when the actions are done via hammer using the repository id.

Risk And Classification

Problem Types: CWE-862

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Theforeman	Katello	3.4.5	All	All	All
Application	Theforeman	Katello	3.4.5	All	All	All

References

Reference	Source	Link	Tags
Red Hat Customer Portal - Access to 24x7 support and knowledge	MISC	access.redhat.com
1434106 – (CVE-2017-2662) CVE-2017-2662 foreman: Managing repositories with their id via hammer does not respect the role filters	CONFIRM	bugzilla.redhat.com	Issue Tracking, Third Party Advisory
Bug #18838: Managing repositories with their id via hammer does not respect the role filters - Katello - Foreman	CONFIRM	projects.theforeman.org	Vendor Advisory
1434106 – (CVE-2017-2662) CVE-2017-2662 foreman: Managing repositories with their id via hammer does not respect the role filters	MISC	bugzilla.redhat.com
CVE-2017-2662 - Red Hat Customer Portal	MISC	access.redhat.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

239228 Red Hat Update for Satellite 6.9 (RHSA-2021:1313)