CVE-2018-10870

Опубликовано: 19 июл. 2018

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

redhat-certification does not properly sanitize paths in rhcertStore.py:__saveResultsFile. A remote attacker could use this flaw to overwrite any file, potentially gaining remote code execution.

Ссылки

http://www.securityfocus.com/bid/104857
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2018:2373
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10870
Issue Tracking
Mitigation
Vendor Advisory
http://www.securityfocus.com/bid/104857
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2018:2373
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10870
Issue Tracking
Mitigation
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:redhat:certification:-:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

EPSS

Процентиль: 82%

0.01786

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-22

CWE-20

Связанные уязвимости

CVE-2018-10870

CVSS3: 9.8

redhat

больше 7 лет назад

redhat-certification does not properly sanitize paths in rhcertStore.py:__saveResultsFile. A remote attacker could use this flaw to overwrite any file, potentially gaining remote code execution.

GHSA-3v7r-5qj8-2v68

CVSS3: 9.8

github

больше 3 лет назад

redhat-certification does not properly sanitize paths in rhcertStore.py:__saveResultsFile. A remote attacker could use this flaw to overwrite any file, potentially gaining remote code execution.

EPSS

Процентиль: 82%

0.01786

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-22

CWE-20