PT-2021-8692 · Red Hat · Redhat-Certification

Riccardo Schirone


Published

2021-05-26


Updated

2023-02-10


CVE-2018-10866

CVSS v3.1

9.1

Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions: redhat-certification version 7

Description: The /configuration view of redhat-certification fails to perform an authorization check. This allows an unauthenticated user to remove a system file, specifically an XML file containing host-related information that does not belong to that user.

Recommendations: For redhat-certification version 7, restrict access to the /configuration view to prevent unauthorized removal of system files until a proper authorization check is implemented. As a temporary workaround, restrict access to the system XML files themselves to minimize the risk of exploitation.

Fix

Weakness Enumeration

Missing Authorization

Related Identifiers

CVE-2018-10866

Affected Products

Redhat-Certification