PT-2021-8690 · Red Hat · Redhat-Certification

Riccardo Schirone · Published 2021-05-26 · Updated 2023-02-10 · CVE-2018-10863

CVSS v3.1

7.5 High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

redhat-certification version 7

Description

An improper configuration allows listing of all files and directories in the /var/www/rhcert/store/transfer directory through the "/rhcert-transfer" API endpoint. An unauthorized attacker could exploit this to gather sensitive information.

Recommendations

For redhat-certification version 7, restrict access to the /rhcert-transfer URL to prevent unauthorized listing of files and directories.

Fix

Weakness Enumeration

Files Accessible to External Parties

Related Identifiers

CVE-2018-10863

Affected Products

Redhat-Certification