Описание
It has been discovered in redhat-certification that any unauthorized user may download any file under /var/www/rhcert, provided they know its name. Red Hat Certification 6 and 7 is vulnerable to this issue.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Certification for Red Hat Enterprise Linux 6 | redhat-certification | Affected | ||
| Red Hat Certification for Red Hat Enterprise Linux 7 | redhat-certification | Affected |
Показывать по
10
Дополнительная информация
Статус:
Moderate
Дефект:
CWE-552
https://bugzilla.redhat.com/show_bug.cgi?id=1593768redhat-certification: /rhcert allows to download any file under /var/www/rhcert directory
5.3 Medium
CVSS3
Связанные уязвимости
CVSS3: 5.3
nvd
почти 5 лет назад
It has been discovered in redhat-certification that any unauthorized user may download any file under /var/www/rhcert, provided they know its name. Red Hat Certification 6 and 7 is vulnerable to this issue.
github
больше 3 лет назад
It has been discovered in redhat-certification that any unauthorized user may download any file under /var/www/rhcert, provided they know its name. Red Hat Certification 6 and 7 is vulnerable to this issue.
5.3 Medium
CVSS3