Vulnerability: Inconsistent Filter Enforcement in Foreman's Katello Plugin

Vulnerability: Inconsistent Filter Enforcement in Foreman's Katello Plugin

CVE-2017-2662 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:N/A:N

A flaw was found in Foreman's katello plugin version 3.4.5. After setting a new role to allow restricted access on a repository with a filter (filter set on the Product Name), the filter is not respected when the actions are done via hammer using the repository id.

Learn more about our Web Application Penetration Testing UK.