It was discovered that redhat-certification allows an unauthenticated user to download any file accessible by the user running the httpd server, through the /download URL.
Acknowledgments: Name: Riccardo Schirone (Red Hat Product Security)
Mitigation: If SELinux is enabled, it further restricts the set of files that can be downloaded through this flaw.
The rpath argument of the /download view is not validated, so it allows any file to be downloaded.
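The missing validation can be shown with a short sketch. This is an added example, not code from redhat-certification or from the fix shipped in the erratum; the function names, the download root and the sample files are assumptions constructed for the illustration. It places the unvalidated join beside a resolver that canonicalises the request and confines it to one directory.

```python
import os
import tempfile

class PathRejected(Exception):
    """The requested path does not name a regular file under the root."""

def resolve_unchecked(base_dir, rpath):
    # Flawed pattern: an absolute rpath discards base_dir, ".." climbs out of it.
    return os.path.normpath(os.path.join(base_dir, rpath))

def resolve_download(base_dir, rpath):
    root = os.path.realpath(base_dir)
    if not rpath or "\x00" in rpath:
        raise PathRejected("empty or malformed path")
    # realpath collapses ".." and follows symlinks before the comparison.
    candidate = os.path.realpath(os.path.join(root, rpath))
    # commonpath compares whole components, so a sibling such as
    # "<root>-old" is not mistaken for a path inside root.
    if os.path.commonpath([root, candidate]) != root:
        raise PathRejected("path escapes download root")
    if not os.path.isfile(candidate):
        raise PathRejected("not a regular file")
    return candidate

def demo():
    """Build a constructed directory tree and classify sample rpath values."""
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "store")  # hypothetical download root
        os.makedirs(os.path.join(root, "results"))
        os.makedirs(os.path.join(tmp, "store-old"))
        outside = os.path.join(tmp, "outside.txt")
        for path in (os.path.join(root, "results", "run1.xml"), outside,
                     os.path.join(tmp, "store-old", "x.txt")):
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
        os.symlink(outside, os.path.join(root, "link"))
        samples = {"inside": "results/run1.xml", "dotdot": "../outside.txt",
                   "absolute": outside, "sibling": "../store-old/x.txt",
                   "symlink": "link", "directory": "results"}
        outcome = {}
        for label, rpath in samples.items():
            try:
                resolve_download(root, rpath)
                outcome[label] = "served"
            except PathRejected:
                outcome[label] = "rejected"
        return outcome
```

Calling `demo()` returns one verdict per sample request; only the file inside the root is served.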
This issue has been addressed in the following products:
Red Hat Certification for Red Hat Enterprise Linux 7, via RHSA-2018:2373: https://access.redhat.com/errata/RHSA-2018:2373