CVE-2018-10865

CWE-862 ā€” Missing Authorization5 documents5 sources
Severity
7.5HIGH
EPSS
1.0%
top 23.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Redhat Certification
Timeline
PublishedMay 26
Latest updateMay 24

Description

It was discovered that the /configuration view of redhat-certification 7 does not perform an authorization check and it allows an unauthenticated user to call a "restart" RPC method on any host accessible by the system, even if not belonging to him.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

ā–¶CVEListV5redhat-certificationredhat-certification 7

šŸ”“Vulnerability Details

2
GHSA
GHSA-rvw8-rq4h-hvg2: It has been discovered that redhat-certification does not perform an authorization check and allows an unauthenticated user to call a "restart" RPC meā†—2022-05-24
ā–¶
CVEList
CVE-2018-10865: It was discovered that the /configuration view of redhat-certification 7 does not perform an authorization check and it allows an unauthenticated userā†—2021-05-26
ā–¶

šŸ“‹Vendor Advisories

1
Red Hat
redhat-certification: "restart" a node without authorizationā†—2018-06-21
ā–¶

šŸ’¬Community

1
Bugzilla
CVE-2018-10865 redhat-certification: "restart" a node without authorizationā†—2018-06-21
ā–¶
CVE-2018-10865 (HIGH CVSS 7.5) | It was discovered that the /configu | cvebase.io