Описание
A flaw was found in Foreman's katello plugin version 3.4.5. After setting a new role to allow restricted access on a repository with a filter (filter set on the Product Name), the filter is not respected when the actions are done via hammer using the repository id.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Ceph Storage 1.3 | foreman | Will not fix | ||
| Red Hat Satellite 6.9 for RHEL 7 | foreman | Fixed | RHSA-2021:1313 | 21.04.2021 |
| Red Hat Satellite 6.9 for RHEL 7 | foreman | Fixed | RHSA-2021:1313 | 21.04.2021 |
Показывать по
10
Дополнительная информация
Статус:
Low
Дефект:
CWE-862
https://bugzilla.redhat.com/show_bug.cgi?id=1434106foreman: Managing repositories with their id via hammer does not respect the role filters
4.3 Medium
CVSS3
Связанные уязвимости
CVSS3: 4.3
nvd
больше 7 лет назад
A flaw was found in Foreman's katello plugin version 3.4.5. After setting a new role to allow restricted access on a repository with a filter (filter set on the Product Name), the filter is not respected when the actions are done via hammer using the repository id.
CVSS3: 4.3
debian
больше 7 лет назад
A flaw was found in Foreman's katello plugin version 3.4.5. After sett ...
CVSS3: 4.3
github
больше 3 лет назад
katello Improper Privilege Management vulnerability
4.3 Medium
CVSS3