Files are accessible without restrictions from the /update/results page of redhat-certification 7 package, allowing an attacker to remove any file accessible by the apached user.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1593764 | Issue Tracking Vendor Advisory |
https://access.redhat.com/security/cve/CVE-2018-10867 | Vendor Advisory |
Configurations
Information
Published : 2021-05-26 12:15
Updated : 2023-02-10 09:56
NVD link : CVE-2018-10867
Mitre link : CVE-2018-10867
JSON object : View
CWE
CWE-552
Files or Directories Accessible to External Parties
Products Affected
redhat
- certification