Main Vulnerability Database SB2018082222

SB2018082222 - Improper Privilege Management in Katello

Published: August 22, 2018 Updated: August 8, 2020

Security Bulletin ID SB2018082222

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper Privilege Management (CVE-ID: CVE-2017-2662)

The vulnerability allows a remote authenticated user to gain access to sensitive information.

A flaw was found in Foreman's katello plugin version 3.4.5. After setting a new role to allow restricted access on a repository with a filter (filter set on the Product Name), the filter is not respected when the actions are done via hammer using the repository id.

Remediation

Install update from vendor's website.

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2662
https://projects.theforeman.org/issues/18838