GHSA-cpv6-pfq6-j2v7
Suggest an improvement- Source
- https://github.com/advisories/GHSA-cpv6-pfq6-j2v7
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-cpv6-pfq6-j2v7/GHSA-cpv6-pfq6-j2v7.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-cpv6-pfq6-j2v7
- Aliases
- Published
- 2022-05-13T01:36:51Z
- Modified
- 2023-11-08T03:59:19.608016Z
- Severity
-
- 4.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- katello Improper Privilege Management vulnerability
- Details
-
A flaw was found in Foreman's katello plugin version 3.4.5. After setting a new role to allow restricted access on a repository with a filter (filter set on the Product Name), the filter is not respected when the actions are done via hammer using the repository id.
- Database specific
{ "nvd_published_at": "2018-08-22T16:29:00Z", "github_reviewed_at": "2023-01-27T00:52:53Z", "severity": "MODERATE", "github_reviewed": true, "cwe_ids": [ "CWE-269" ] }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2017-2662
- https://github.com/Katello/katello/pull/8772
- https://github.com/Katello/katello/commit/853260e3e9f94179d5881199e7885d1c08e600f6
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2662
- https://github.com/Katello/katello
- https://projects.theforeman.org/issues/18838
Affected packages
RubyGems / katello
Package
- Name
- katello
- Purl
- pkg:gem/katello
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.17.0.rc1
Affected versions
1.*
1.5.0
2.*
2.2.2
2.4.0.rc1
2.4.0.rc2
2.4.0.rc3
2.4.0
2.4.1
2.4.2
2.4.3
2.4.4
2.4.5
3.*
3.0.0.rc1
3.0.0.rc2
3.0.0.rc3
3.0.0.rc4
3.0.0.rc5
3.0.0.rc7
3.0.0
3.0.1
3.0.2
3.1.0.rc1
3.1.0.rc2.1
3.1.0
3.1.0.1
3.2.0.rc1
3.2.0.rc1.1
3.2.0.rc2
3.2.0.rc3
3.2.0
3.2.1
3.2.1.1
3.3.0.rc1
3.3.0.rc1.1
3.3.0.rc2
3.3.0
3.3.0.1
3.3.1
3.3.1.1
3.3.2
3.4.0.rc1
3.4.0.rc2
3.4.0
3.4.0.1
3.4.0.2
3.4.1
3.4.2
3.4.4
3.4.5
3.5.0.rc1
3.5.0.rc2
3.5.0
3.5.0.1
3.5.1
3.5.1.1
3.5.2
3.6.0.rc1
3.6.0.rc2
3.6.0
3.6.0.1.rc2
3.7.0.rc1
3.7.0.rc2
3.7.0
3.7.1
3.7.1.1
3.8.0.rc1
3.8.0.rc2
3.8.0.rc3
3.8.0
3.8.1
3.9.0.rc1
3.9.0.rc2
3.9.0
3.9.1
3.10.0.rc1
3.10.0.rc1.1
3.10.0
3.10.1
3.10.1.1
3.10.2
3.11.0.rc1
3.11.0.rc2
3.11.0
3.11.1
3.11.2
3.12.0.rc1
3.12.0.rc2
3.12.0
3.12.1
3.12.2
3.12.3
3.13.0.rc1
3.13.0.rc2
3.13.0.rc2.1
3.13.0
3.13.1
3.13.2
3.13.3
3.13.4
3.14.0.rc1
3.14.0.rc2
3.14.0
3.14.1
3.15.0.rc1
3.15.0.rc1.1
3.15.0.rc1.2
3.15.0.rc1.3
3.15.0.rc2
3.15.0
3.15.0.1
3.15.1
3.15.1.1
3.15.2
3.15.3
3.15.3.1
3.16.0.rc1
3.16.0.rc1.1
3.16.0.rc2
3.16.0.rc2.1
3.16.0.rc3
3.16.0.rc3.1
3.16.0.rc4
3.16.0.rc4.1
3.16.0.rc5
3.16.0.rc5.1
3.16.0
3.16.1
3.16.1.1
3.16.1.2
3.16.2