CVE-2018-10863

CWE-552 — Files Accessible to External Parties5 documents5 sources

Severity

7.5HIGH

EPSS

0.2%

top 53.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Certification

Timeline

PublishedMay 26

Latest updateMay 24

Description

It was discovered that redhat-certification 7 is not properly configured and it lists all files and directories in the /var/www/rhcert/store/transfer directory, through the /rhcert-transfer URL. An unauthorized attacker may use this flaw to gather sensible information.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5redhat-certificationredhat-certification 7

▶NVDredhat/certification7.0

🔴Vulnerability Details

GHSA

GHSA-m5xf-mwc4-9wpv: It has been discovered that redhat-certification is not properly configured and it lists all files and directories in the /var/www/rhcert/store/transf↗2022-05-24

▶

CVEList

CVE-2018-10863: It was discovered that redhat-certification 7 is not properly configured and it lists all files and directories in the /var/www/rhcert/store/transfer↗2021-05-26

▶

📋Vendor Advisories

Red Hat

redhat-certification: directory listing in /rhcert-transfer↗2018-06-22

▶

💬Community

Bugzilla

CVE-2018-10863 redhat-certification: directory listing in /rhcert-transfer↗2018-06-22

▶