CVE-2017-2662 MEDIUM

CVE-2017-2662

Vendor The Foreman Project

Product foreman katello plugin

Weakness CWE-862 · Missing authorization

Published August 22, 2018

Last update August 5, 2024

View on NVD All CVEs

CVSS base score

4.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality Low

Integrity None

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

A flaw was found in Foreman's katello plugin version 3.4.5. After setting a new role to allow restricted access on a repository with a filter (filter set on the Product Name), the filter is not respected when the actions are done via hammer using the repository id.

Key dates

02Disclosure timeline

August 22, 2018 CVE published

August 5, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2017-2662 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/862.html

Related vulnerabilities

04Related CVE

CVE-2024-33931 WordPress JW Player for WordPress plugin <= 2.3.3 - Broken Access Control vulnerability CVE-2025-42899 Missing Authorization check in SAP S4CORE (Manage Journal Entries) CVE-2023-40678 WordPress Simple URLs plugin <= 117 - Broken Access Control vulnerability CVE-2023-48759 WordPress JetElements For Elementor plugin <= 2.6.13 - Unauthenticated Arbitrary Attachment Download vulnerability CVE-2024-31273 WordPress JS Help Desk plugin <= 2.8.3 - Broken Access Control vulnerability