9 matches found
CVE-2018-10869
The CVE-2018-10869 vulnerability affects redhat-certification and allows a remote attacker to download any file accessible by the web server user via the /download page due to improper access restriction. Red Hat’s RHSA-2018:2373 (and related advisories) document this issue and provide a security...
CVE-2018-10870
CVE-2018-10870 affects the Red Hat package redhat-certification. The issue is in rhcertStore.py:__saveResultsFile, which allows writing arbitrary files and can lead to remote code execution. Public sources (NVD, RHSA-2018:2373) describe the vulnerability as high/critical with network attack vecto...
CVE-2018-10864
Summary: CVE-2018-10864 affects Red Hat’s redhat-certification. The issue is an uncontrolled resource consumption in document loading, where an attacker can supply an existing but invalid XML file that is opened and never closed, potentially causing a Denial of Service. Root cause: improper handl...
CVE-2019-3897
CVE-2019-3897 affects Red Hat Certification 6 and 7. Affected component: the /var/www/rhcert directory, exposed so that an unauthorized user can download any file under it by knowing its name. Root cause details are not provided in the available documents, but CVSS metrics indicate remote access with no authentication ...
CVE-2018-10863
CVE-2018-10863 affects redhat-certification 7, where improper configuration allows listing all files/directories under /var/www/rhcert/store/transfer via the /rhcert-transfer URL, enabling information disclosure. The impact is exposure of sensitive information, per multiple connected records. Exp...
CVE-2018-10868
CVE-2018-10868 concerns Red Hat Certification (redhat-certification) 7, where the XML parser allows an unbounded number of recursive entity definitions. The root cause is improper restriction of recursive definitions in XML documents, enabling an unauthenticated user to trigger a memory/time exha...
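As an added example (not code from redhat-certification or from the advisories), the Python below shows the generic check for the class of flaw described for CVE-2018-10868: refusing a document at entity-declaration time, before any expansion happens, when the DTD declares too many entities, an external entity, or an internal entity whose replacement text references another entity (the recursive-definition pattern). The two sample documents, the limit of 8 and the function names are constructed for this example.

```python
import re
import xml.parsers.expat


class EntityLimitExceeded(Exception):
    """Raised when a DTD declares more, or more deeply nested, entities than allowed."""


# Any general-entity reference inside an entity's replacement text.
ENTITY_REF = re.compile(r"&[A-Za-z_:][\w.:\-]*;")


def parse_with_entity_limits(data, max_entities=8):
    """Parse XML bytes with Expat, refusing dangerous DTD entity declarations.

    The declaration handler runs while the internal subset is read, before
    the document body is expanded, so a document is rejected when it
    declares more than max_entities entities, any external entity, or an
    internal entity whose replacement text references another entity.
    Returns the document's character data.
    """
    parser = xml.parsers.expat.ParserCreate()
    declared = 0
    text = []

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        nonlocal declared
        declared += 1
        if declared > max_entities:
            raise EntityLimitExceeded(f"more than {max_entities} entities declared")
        if system_id is not None:
            raise EntityLimitExceeded(f"external entity {name!r} refused")
        if value is not None and ENTITY_REF.search(value):
            raise EntityLimitExceeded(f"entity {name!r} references another entity")

    parser.EntityDeclHandler = on_entity_decl
    parser.CharacterDataHandler = text.append
    parser.Parse(data, True)  # an exception raised in the handler propagates out of Parse
    return "".join(text)


def is_accepted(data):
    """True if the document parses under the limits, False if it was refused."""
    try:
        parse_with_entity_limits(data)
        return True
    except EntityLimitExceeded:
        return False


# Constructed samples. The first is a three-level "billion laughs" document
# (only 10**3 expansions of "lol", harmless even if it did expand); the
# second declares one ordinary entity and must still be accepted.
BILLION_LAUGHS = b"""<?xml version="1.0"?>
<!DOCTYPE status [
 <!ENTITY lol "lol">
 <!ENTITY lol1 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">
 <!ENTITY lol2 "&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;">
 <!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;">
]>
<status>&lol3;</status>
"""

BENIGN = b"""<?xml version="1.0"?>
<!DOCTYPE status [ <!ENTITY vendor "Example Corp"> ]>
<status host="h1">&vendor; ok</status>
"""

if __name__ == "__main__":
    print("benign:", is_accepted(BENIGN), repr(parse_with_entity_limits(BENIGN)))
    print("billion laughs:", is_accepted(BILLION_LAUGHS))
```

Expat 2.4.1 and later (as bundled with current Python releases) also enforce their own amplification limits during expansion, but refusing nested declarations up front costs nothing and does not depend on the library version; the same EntityDeclHandler hook is where external entities are refused.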
CVE-2018-10866
CVE-2018-10866 affects redhat-certification version 7. The vulnerability stems from the /configuration view not performing an authorization check, enabling an unauthenticated user to remove a host-specific XML file (a “system” file). This represents an integrity/availability risk without requirin...
CVE-2018-10867
CVE-2018-10867 affects Red Hat redhat-certification 7. The flaw is an access-control error on the /update/results page, allowing a remote attacker to delete any file accessible by the user running httpd (apache). Root cause: insufficient access restriction for update results. Impact: potential da...
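The three file-handling flaws in this listing (/download in CVE-2018-10869, /update/results in CVE-2018-10867 and rhcertStore.py:__saveResultsFile in CVE-2018-10870) share one root cause: a client-supplied file name is joined onto a store directory without confining the result. The check below is an added example in Python, not the project's code; the directory layout, file names and function names are constructed for the example, and the demo assumes a POSIX filesystem with symlink support.

```python
import os
import tempfile


def resolve_under(base_dir, requested):
    """Resolve a client-supplied relative name under base_dir.

    Returns the absolute, symlink-resolved path if it stays inside base_dir,
    otherwise None. Absolute names, NUL bytes and empty names are refused
    outright; '..' segments and symlinks that point outside base_dir are
    caught by comparing the resolved path against the resolved base.
    """
    if not requested or os.path.isabs(requested) or "\x00" in requested:
        return None
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, requested))
    try:
        inside = os.path.commonpath([base, candidate]) == base
    except ValueError:  # paths on different drives (Windows)
        inside = False
    return candidate if inside else None


def demo():
    """Build a throwaway store layout and exercise the check.

    Returns {requested name: allowed?}. The layout is constructed for the
    example and mirrors a store/transfer directory by name only.
    """
    with tempfile.TemporaryDirectory() as tmp:
        store = os.path.join(tmp, "store", "transfer")
        os.makedirs(store)
        with open(os.path.join(store, "results.xml"), "w") as fh:
            fh.write("<results/>")
        secret = os.path.join(tmp, "secret.txt")
        with open(secret, "w") as fh:
            fh.write("not for download")
        # A symlink inside the store that points outside it: a prefix check
        # on the unresolved path would let this one through.
        os.symlink(secret, os.path.join(store, "link.txt"))

        requests = ["results.xml", "../../secret.txt", "/etc/passwd",
                    "link.txt", ""]
        return {r: resolve_under(store, r) is not None for r in requests}


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name!r:22} -> {'allowed' if allowed else 'REJECTED'}")
```

The same helper serves download, overwrite and delete handlers alike: the operation differs, the containment check does not. Resolving both the base and the candidate with realpath before comparing is what defeats the symlink case, which a string prefix test on the joined path would miss.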
CVE-2018-10865
The vulnerability CVE-2018-10865 affects redhat-certification version 7 and involves the /configuration view lacking proper authorization. An unauthenticated user can call a restart RPC method on any host accessible by the system, even if not owned by them, potentially causing disruption or denia...