CVE-2018-10865

CVE-2018-10865

Vendor N/A
Product redhat-certification
Weakness CWE-862 · Missing authorization
Published May 26, 2021
Last update August 5, 2024

CVSS base score

What the vulnerability does

01Description

It was discovered that the /configuration view of redhat-certification 7 does not perform an authorization check and it allows an unauthenticated user to call a "restart" RPC method on any host accessible by the system, even if not belonging to him.

Key dates

02Disclosure timeline

May 26, 2021 CVE published
August 5, 2024 Record updated