Certification
CVE-2018-10869
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
redhat-certification does not properly restrict files that can be download through the /download page. A remote attacker may download any file accessible by the user running httpd.
AnalysisAI
redhat-certification does not properly restrict files that can be download through the /download page. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-552. redhat-certification does not properly restrict files that can be download through the /download page. A remote attacker may download any file accessible by the user running httpd. Affected products include: Redhat Certification, Redhat Enterprise Linux.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Certification
View allredhat-certification does not properly sanitize paths in rhcertStore.py:__saveResultsFile. Rated critical severity (CVSS
An uncontrolled resource consumption flaw has been discovered in redhat-certification in the way documents are loaded. R
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today