An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS1jcHY2LXBmcTYtajJ2N84AARb-

Severity: Moderate. EPSS: 0.00115% (0.313 percentile)

katello Improper Privilege Management vulnerability

Affected package: rubygems:katello (PURL: pkg:gem/katello)
Affected versions: < 3.17.0.rc1
Fixed versions: 3.17.0.rc1
Dependent packages: 9
Dependent repositories: 10
Downloads total: 396,498

Affected Version Ranges

All affected versions

All unaffected versions:

1.5.0, 2.2.2, 2.4.0, 2.4.1, 2.4.2, 2.4.3, 2.4.4, 2.4.5, 3.0.0, 3.0.1, 3.0.2, 3.1.0, 3.2.0, 3.2.1, 3.3.0, 3.3.1, 3.3.2, 3.4.0, 3.4.1, 3.4.2, 3.4.4, 3.4.5, 3.5.0, 3.5.1, 3.5.2, 3.6.0, 3.7.0, 3.7.1, 3.8.0, 3.8.1, 3.9.0, 3.9.1, 3.10.0, 3.10.1, 3.10.2, 3.11.0, 3.11.1, 3.11.2, 3.12.0, 3.12.1, 3.12.2, 3.12.3, 3.13.0, 3.13.1, 3.13.2, 3.13.3, 3.13.4, 3.14.0, 3.14.1, 3.15.0, 3.15.1, 3.15.2, 3.15.3, 3.16.0, 3.16.1, 3.16.2, 3.17.0, 3.17.1, 3.17.2, 3.17.3, 3.18.0, 3.18.1, 3.18.2, 3.18.3, 3.18.4, 3.18.5, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.1.0, 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.2.1, 4.2.2, 4.3.0, 4.3.1, 4.4.0, 4.4.1, 4.4.2, 4.5.0, 4.5.1, 4.6.0, 4.6.1, 4.6.2, 4.7.0, 4.7.1, 4.7.2, 4.7.3, 4.7.4, 4.7.5, 4.7.6, 4.8.0, 4.8.1, 4.8.2, 4.8.3, 4.8.4, 4.9.0, 4.9.1, 4.9.2, 4.10.0, 4.11.0, 4.11.1, 4.12.0, 4.12.1, 4.13.0, 4.13.1, 4.14.0, 4.14.1, 4.14.2, 4.14.3, 4.15.0, 4.15.1, 4.16.0, 4.16.1, 4.16.2, 4.16.3, 4.17.0, 4.17.1

A flaw was found in Foreman's katello plugin version 3.4.5. After setting a new role to allow restricted access on a repository with a filter (filter set on the Product Name), the filter is not respected when the actions are done via hammer using the repository id.

References: