// For flags

CVE-2017-2662

foreman: Managing repositories with their id via hammer does not respect the role filters

Severity Score

4.3
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A flaw was found in Foreman's katello plugin version 3.4.5. After setting a new role to allow restricted access on a repository with a filter (filter set on the Product Name), the filter is not respected when the actions are done via hammer using the repository id.

Se ha detectado un fallo en la versión 3.4.5 del plugin katello de Foreman. Después de establecer un nuevo rol para permitir el acceso restringido a un repositorio con un filtro (filtro establecido en el nombre del producto), el filtro no se respeta cuando las acciones se realizan a través de hammer usando el id del repositorio.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2016-12-01 CVE Reserved
  • 2018-08-22 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-05 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-269: Improper Privilege Management
  • CWE-862: Missing Authorization
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Theforeman
Search vendor "Theforeman"
 Katello
Search vendor "Theforeman" for product "Katello"
 3.4.5
Search vendor "Theforeman" for product "Katello" and version "3.4.5"
-
Affected