CVE-2018-10863

Published: May 26, 2021Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

It was discovered that redhat-certification 7 is not properly configured and it lists all files and directories in the /var/www/rhcert/store/transfer directory, through the /rhcert-transfer URL. An unauthorized attacker may use this flaw to gather sensible information.

Affected (1)

Products: Redhat: Certification

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Redhat Certification	Version 7.0

Related CWEs

Files or Directories Accessible to External Parties

The product makes files or directories accessible to unauthorized actors, even though they should not be.

References (4)

https://access.redhat.com/security/cve/CVE-2018-10863

Source: secalert@redhat.com

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1594122

Source: secalert@redhat.com

Issue TrackingVendor Advisory

https://access.redhat.com/security/cve/CVE-2018-10863

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1594122

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

Timeline

No history available yet.