A flaw was found in Foreman's katello plugin version 3.4.5. After setting a new role to allow restricted access on a repository with a filter (filter set on the Product Name), the filter is not respected when the actions are done via hammer using the repository id.
References
Link | Resource |
---|---|
https://projects.theforeman.org/issues/18838 | Vendor Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2662 | Issue Tracking Third Party Advisory |
Configurations
Information
Published : 2018-08-22 09:29
Updated : 2023-02-12 15:29
NVD link : CVE-2017-2662
Mitre link : CVE-2017-2662
JSON object : View
CWE
CWE-862
Missing Authorization
Products Affected
theforeman
- katello