Vulnerabilities > CVE-2018-10867 - Files or Directories Accessible to External Parties vulnerability in Redhat Certification 7.0

CVSS 9.1 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

redhat

CWE-552

critical

NVD

Published: 2021-05-26

Updated: 2024-11-21

Summary

Files are accessible without restrictions from the /update/results page of redhat-certification 7 package, allowing an attacker to remove any file accessible by the apached user.

Vulnerable Configurations

Part	Description	Count
Application	Redhat Redhat Certification 7.0	1

Common Weakness Enumeration (CWE)

CWE-552 - Files or Directories Accessible to External Parties

References

https://access.redhat.com/security/cve/CVE-2018-10867
https://access.redhat.com/security/cve/CVE-2018-10867
https://bugzilla.redhat.com/show_bug.cgi?id=1593764
https://bugzilla.redhat.com/show_bug.cgi?id=1593764