Bug 1593764 (CVE-2018-10867)
| Summary: | CVE-2018-10867 redhat-certification: /uploads/results page allows to remove files | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Riccardo Schirone <rschiron> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | brose, gnichols |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: |
It has been discovered that redhat-certification does not restrict file access in the /update/results page. A remote attacker could use this vulnerability to remove any file accessible by the user which is running httpd.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2021-10-25 09:45:31 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1608788 | ||
| Bug Blocks: | 1593614 | ||
|
Description
Riccardo Schirone
2018-06-21 14:32:02 UTC
Acknowledgments: Name: Riccardo Schirone (Red Hat Product Security) Mitigation: If SELinux is enabled, it will restrict the number of files accessible by the httpd process. The uploadResults view does not properly check the resultsPath, allowing any user to download existing files. |