4 matches found
CVE-2018-10869
The CVE-2018-10869 vulnerability affects redhat-certification and allows a remote attacker to download any file accessible by the web server user via the /download page due to improper access restriction. Red Hat’s RHSA-2018:2373 (and related advisories) document this issue and provide a security...
CVE-2018-10870
CVE-2018-10870 affects the Red Hat package redhat-certification. The issue is in rhcertStore.py:__saveResultsFile, which allows writing arbitrary files and can lead to remote code execution. Public sources (NVD, RHSA-2018:2373) describe the vulnerability as high/critical with network attack vecto...
CVE-2018-10864
Summary: CVE-2018-10864 affects Red Hat’s redhat-certification. The issue is an uncontrolled resource consumption in document loading, where an attacker can supply an existing but invalid XML file that is opened and never closed, potentially causing a Denial of Service. Root cause: improper handl...
CVE-2019-3897
CVE-2019-3897 affects Red Hat Certification 6 and 7. Affected component: /var/www/rhcert exposure allowing an unauthorized user to download any file by knowing its name. Root cause details are not provided in the available documents, but CVSS metrics indicate remote access with no authentication ...