GHSA-cpv6-pfq6-j2v7

Suggest an improvement
Source
https://github.com/advisories/GHSA-cpv6-pfq6-j2v7
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-cpv6-pfq6-j2v7/GHSA-cpv6-pfq6-j2v7.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-cpv6-pfq6-j2v7
Aliases
Published
2022-05-13T01:36:51Z
Modified
2023-11-08T03:59:19.608016Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
katello Improper Privilege Management vulnerability
Details

A flaw was found in Foreman's katello plugin version 3.4.5. After setting a new role to allow restricted access on a repository with a filter (filter set on the Product Name), the filter is not respected when the actions are done via hammer using the repository id.

References

Affected packages

RubyGems / katello

Package

Name
katello
Purl
pkg:gem/katello

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.17.0.rc1

Affected versions

1.*

1.5.0

2.*

2.2.2
2.4.0.rc1
2.4.0.rc2
2.4.0.rc3
2.4.0
2.4.1
2.4.2
2.4.3
2.4.4
2.4.5

3.*

3.0.0.rc1
3.0.0.rc2
3.0.0.rc3
3.0.0.rc4
3.0.0.rc5
3.0.0.rc7
3.0.0
3.0.1
3.0.2
3.1.0.rc1
3.1.0.rc2.1
3.1.0
3.1.0.1
3.2.0.rc1
3.2.0.rc1.1
3.2.0.rc2
3.2.0.rc3
3.2.0
3.2.1
3.2.1.1
3.3.0.rc1
3.3.0.rc1.1
3.3.0.rc2
3.3.0
3.3.0.1
3.3.1
3.3.1.1
3.3.2
3.4.0.rc1
3.4.0.rc2
3.4.0
3.4.0.1
3.4.0.2
3.4.1
3.4.2
3.4.4
3.4.5
3.5.0.rc1
3.5.0.rc2
3.5.0
3.5.0.1
3.5.1
3.5.1.1
3.5.2
3.6.0.rc1
3.6.0.rc2
3.6.0
3.6.0.1.rc2
3.7.0.rc1
3.7.0.rc2
3.7.0
3.7.1
3.7.1.1
3.8.0.rc1
3.8.0.rc2
3.8.0.rc3
3.8.0
3.8.1
3.9.0.rc1
3.9.0.rc2
3.9.0
3.9.1
3.10.0.rc1
3.10.0.rc1.1
3.10.0
3.10.1
3.10.1.1
3.10.2
3.11.0.rc1
3.11.0.rc2
3.11.0
3.11.1
3.11.2
3.12.0.rc1
3.12.0.rc2
3.12.0
3.12.1
3.12.2
3.12.3
3.13.0.rc1
3.13.0.rc2
3.13.0.rc2.1
3.13.0
3.13.1
3.13.2
3.13.3
3.13.4
3.14.0.rc1
3.14.0.rc2
3.14.0
3.14.1
3.15.0.rc1
3.15.0.rc1.1
3.15.0.rc1.2
3.15.0.rc1.3
3.15.0.rc2
3.15.0
3.15.0.1
3.15.1
3.15.1.1
3.15.2
3.15.3
3.15.3.1
3.16.0.rc1
3.16.0.rc1.1
3.16.0.rc2
3.16.0.rc2.1
3.16.0.rc3
3.16.0.rc3.1
3.16.0.rc4
3.16.0.rc4.1
3.16.0.rc5
3.16.0.rc5.1
3.16.0
3.16.1
3.16.1.1
3.16.1.2
3.16.2