8 High
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
68.7%
redhat-certification does not properly restrict files that can be download through the /download page. A remote attacker may download any file accessible by the user running httpd.
www.securityfocus.com/bid/105061
access.redhat.com/errata/RHSA-2018:2373
bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10869