{"id":"CVE-2017-2662","details":"A flaw was found in Foreman's katello plugin version 3.4.5. After setting a new role to allow restricted access on a repository with a filter (filter set on the Product Name), the filter is not respected when the actions are done via hammer using the repository id.","aliases":["GHSA-cpv6-pfq6-j2v7"],"modified":"2026-03-14T09:23:00.032470Z","published":"2018-08-22T16:29:01.417Z","references":[{"type":"ADVISORY","url":"https://projects.theforeman.org/issues/18838"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2662"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/katello/katello","events":[{"introduced":"0"},{"last_affected":"3a34a7897dbfe938e4cbe5e67c2c71e715df3b2a"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"3.4.5"}]}}],"versions":["2.4.0-RC1","3.4.0","3.4.0.1","3.4.0.2","3.4.0.rc2","3.4.1","3.4.2","3.4.4","3.4.5","katello-1.4.2-1","katello-1.4.3-1","katello-1.4.4-1","katello-1.4.5-1","katello-1.4.6-1","katello-1.4.7-1","katello-1.4.8-1","katello-1.4.9-1","katello-1.5.0-12","katello-1.5.0-13","katello-1.5.0-14","katello-1.5.1-1","katello-2.0.0-0","katello-2.1.0-1","katello-2.2.0-1","katello-2.3.0-1","rubygem-katello-1.5.0-10","rubygem-katello-1.5.0-11","rubygem-katello-1.5.0-12","rubygem-katello-1.5.0-9","rubygem-katello-2.0.0-1","rubygem-katello-2.1.0-1","rubygem-katello-2.2.0-1","rubygem-katello-2.2.0-2","rubygem-katello-2.3.0-1","rubygem-katello-2.3.0-2","rubygem-katello-2.4.0-1","rubygem-katello-2.4.0-2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-2662.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}]}