Files are accessible without restrictions from the /update/results page of the redhat-certification package, allowing an attacker to remove any file accessible by the apache user.
Acknowledgments: Riccardo Schirone (Red Hat Product Security)
Mitigation: If SELinux is enabled, it will restrict the number of files accessible by the httpd process.
The uploadResults view does not properly check the resultsPath, allowing any user to download existing files.