Vulnerability: Inconsistent Filter Enforcement in Foreman's Katello Plugin
CVE-2017-2662 · MEDIUM Severity
AV:N/AC:L/AU:S/C:P/I:N/A:N
A flaw was found in Foreman's katello plugin version 3.4.5. After setting a new role to allow restricted access on a repository with a filter (filter set on the Product Name), the filter is not respected when the actions are done via hammer using the repository id.
Learn more about our Web Application Penetration Testing UK.