PT-2021-8691 · Red Hat · Redhat-Certification

Riccardo Schirone · Published 2021-05-26 · Updated 2023-02-10 · CVE-2018-10865

CVSS v3.1 · 7.5 · High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

redhat-certification version 7

Description

The issue concerns the /configuration view, which lacks an authorization check. This allows an unauthenticated user to invoke a restart RPC method on any accessible host, regardless of ownership.

Recommendations

For redhat-certification version 7, consider restricting access to the /configuration view until a proper authorization check is implemented to prevent unauthorized RPC method calls. As a temporary workaround, restrict access to the restart RPC method to minimize the risk of exploitation.

Fix

Missing Authorization

Weakness Enumeration

Related Identifiers

CVE-2018-10865

Affected Products

Redhat-Certification