CVE-2017-2662
foreman: Managing repositories with their id via hammer does not respect the role filters
Severity Score
4.3
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A flaw was found in Foreman's katello plugin version 3.4.5. After setting a new role to allow restricted access on a repository with a filter (filter set on the Product Name), the filter is not respected when the actions are done via hammer using the repository id.
Se ha detectado un fallo en la versión 3.4.5 del plugin katello de Foreman. Después de establecer un nuevo rol para permitir el acceso restringido a un repositorio con un filtro (filtro establecido en el nombre del producto), el filtro no se respeta cuando las acciones se realizan a través de hammer usando el id del repositorio.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2016-12-01 CVE Reserved
- 2018-08-22 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-269: Improper Privilege Management
- CWE-862: Missing Authorization
CAPEC
References (4)
URL | Tag | Source |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2662 | Issue Tracking |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://projects.theforeman.org/issues/18838 | 2023-02-12 | |
https://access.redhat.com/security/cve/CVE-2017-2662 | 2021-04-21 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1434106 | 2021-04-21 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Theforeman Search vendor "Theforeman" | Katello Search vendor "Theforeman" for product "Katello" | 3.4.5 Search vendor "Theforeman" for product "Katello" and version "3.4.5" | - |
Affected
|