Vulnerabilities > CVE-2017-2662 - Missing Authorization vulnerability in Theforeman Katello 3.4.5

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

theforeman

CWE-862

NVD

Published: 2018-08-22

Updated: 2023-02-12

Summary

A flaw was found in Foreman's katello plugin version 3.4.5. After setting a new role to allow restricted access on a repository with a filter (filter set on the Product Name), the filter is not respected when the actions are done via hammer using the repository id.

Vulnerable Configurations

Part	Description	Count
Application	Theforeman Theforeman Katello 3.4.5	1

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://projects.theforeman.org/issues/18838
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2662