0.012 Low
EPSS
Percentile
85.4%
redhat-certification is vulnerable to remote code execution (RCE) attacks. This is because redhat-certification does not properly sanitize paths in rhcertStore.py:__saveResultsFile. A remote attacker could use this flaw to overwrite any file.
rhcertStore.py:__saveResultsFile
www.securityfocus.com/bid/104857
access.redhat.com/errata/RHSA-2018:2373
access.redhat.com/security/updates/classification/#critical
bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10870