It was discovered that the /configuration view of redhat-certification 7 does not perform an authorization check and it allows an unauthenticated user to call a "restart" RPC method on any host accessible by the system, even if not belonging to him.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1593631 | Issue Tracking Vendor Advisory |
https://access.redhat.com/security/cve/CVE-2018-10865 | Vendor Advisory |
Configurations
Information
Published : 2021-05-26 12:15
Updated : 2023-02-10 09:51
NVD link : CVE-2018-10865
Mitre link : CVE-2018-10865
JSON object : View
CWE
CWE-862
Missing Authorization
Products Affected
redhat
- certification