Access Control Flaw in Foreman's Katello Plugin by Red Hat
CVE-2017-2662
4.3 MEDIUM
What is CVE-2017-2662?
An access control flaw exists in Foreman's Katello Plugin version 3.4.5 that compromises repository security. When a new role is created with a filter that restricts access to a specific product name, the restriction is not enforced for operations performed through the hammer command-line interface that address the repository by its ID. As a result, users can perform actions on repositories they should not have access to, leading to potential data exposure and integrity risks.
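The behaviour described above, as a simplified Ruby model added here: it is not Katello or Foreman code, and the page does not describe the plugin's actual root cause. `Repository`, `Role`, the two finder functions and the sample data are hypothetical; the last function is a regression check that every way of addressing a repository gives the same authorization answer.

```ruby
# Simplified model (constructed; not Katello code) of a role filter that
# restricts a user to the repositories of one product.
Repository = Struct.new(:id, :name, :product)

# Constructed sample data.
REPOS = [
  Repository.new(1, "web-rpms", "WebApp"),
  Repository.new(2, "db-rpms",  "Database")
].freeze

# Hypothetical role whose filter allows a single product name.
Role = Struct.new(:allowed_product) do
  def permits?(repo)
    repo.product == allowed_product
  end
end

class AccessDenied < StandardError; end

# Behaviour from the advisory: the filter is applied when a repository is
# addressed through its product, but skipped when it is addressed by ID.
def find_repo_flawed(role, product: nil, name: nil, id: nil)
  return REPOS.find { |r| r.id == id } if id # filter never consulted
  REPOS.select { |r| role.permits?(r) }
       .find { |r| r.product == product && r.name == name }
end

# Hardened form: resolve the object first, then authorize the resolved
# object, so every lookup path goes through the same check.
def find_repo_hardened(role, product: nil, name: nil, id: nil)
  repo = REPOS.find { |r| id ? r.id == id : (r.product == product && r.name == name) }
  raise AccessDenied, "not permitted by role filter" if repo && !role.permits?(repo)
  repo
end

# True when the finder returns the repository, false when hidden or denied.
def visible?(finder, role, **args)
  !send(finder, role, **args).nil?
rescue AccessDenied
  false
end

# Regression check: lookup by product/name and lookup by ID must agree.
def lookup_paths_consistent?(finder, role, repo)
  visible?(finder, role, product: repo.product, name: repo.name) ==
    visible?(finder, role, id: repo.id)
end
```

Running `lookup_paths_consistent?` over every repository and every role in a test suite catches this class of flaw regardless of which client or endpoint supplies the identifier.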
Affected Version(s)
foreman katello plugin 3.4.5
