Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatcveRedhat.comRH:CVE-2018-10870
HistoryJul 19, 2018 - 8:49 a.m.

CVE-2018-10870

2018-07-1908:49:16
redhat.com
access.redhat.com
9

0.012 Low

EPSS

Percentile

85.4%

JSON

It has been discovered that redhat-certification does not properly sanitize paths in rhcertStore.py:__saveResultsFile. A remote attacker could use this flaw to overwrite any file, potentially gaining remote code execution.

Mitigation

If SELinux is enabled it further restricts the set of files an attacker may write to. This prevents some basic attacks that would allow to gain remote code execution, though it is not excluded other means are possible.

Related

veracode 1
cve 1
prion 1
nvd 1
cvelist 1
nessus 1
redhat 1
veracode
veracode
Remote Code Execution (RCE)
2019-05-16 03:10:58
cve
cve
CVE-2018-10870
2018-07-19 22:29:00
prion
prion
Remote code execution
2018-07-19 22:29:00
nvd
nvd
CVE-2018-10870
2018-07-19 22:29:00
cvelist
cvelist
CVE-2018-10870
2018-07-19 22:00:00
nessus
nessus
RHEL 7 : redhat-certification (RHSA-2018:2373)
2018-08-16 00:00:00
redhat
redhat
(RHSA-2018:2373) Critical: redhat-certification security update
2018-08-09 17:12:00

0.012 Low

EPSS

Percentile

85.4%

JSON
Related for RH:CVE-2018-10870
veracode1cve1prion1nvd1cvelist1nessus1redhat1