CVE-2018-10869Files or Directories Accessible to External Parties in Redhat Enterprise Linux

CWE-552Files or Directories Accessible to External PartiesCWE-732Incorrect Permission Assignment4 documents4 sources
Severity
7.5HIGHNVD
EPSS
0.5%
top 32.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Redhat Enterprise Linux
Timeline
PublishedJul 19
Latest updateMay 13

Description

redhat-certification does not properly restrict files that can be download through the /download page. A remote attacker may download any file accessible by the user running httpd.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages0 packages

Also affects: Enterprise Linux 7.0

🔴Vulnerability Details

1
GHSA
GHSA-5v46-5c9p-j4mg: redhat-certification does not properly restrict files that can be download through the /download page2022-05-13

📋Vendor Advisories

1
Red Hat
redhat-certification: /download allows to download any file2018-07-18

💬Community

1
Bugzilla
CVE-2018-10869 redhat-certification: /download allows to download any file2018-06-21