{"containers": {"cna": {"affected": [{"product": "rhcertstore.py", "vendor": "redhat-certification", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-06-21T00:00:00", "descriptions": [{"lang": "en", "value": "redhat-certification does not properly sanitize paths in rhcertStore.py:__saveResultsFile. A remote attacker could use this flaw to overwrite any file, potentially gaining remote code execution."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-08-10T09:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10870"}, {"name": "RHSA-2018:2373", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:2373"}, {"name": "104857", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/104857"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2018-10870", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "rhcertstore.py", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "redhat-certification"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "redhat-certification does not properly sanitize paths in rhcertStore.py:__saveResultsFile. A remote attacker could use this flaw to overwrite any file, potentially gaining remote code execution."}]}, "impact": {"cvss": [[{"vectorString": "9.8/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}]]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-22"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10870", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10870"}, {"name": "RHSA-2018:2373", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2373"}, {"name": "104857", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104857"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T07:46:47.511Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10870"}, {"name": "RHSA-2018:2373", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:2373"}, {"name": "104857", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/104857"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2018-10870", "datePublished": "2018-07-19T22:00:00", "dateReserved": "2018-05-09T00:00:00", "dateUpdated": "2024-08-05T07:46:47.511Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:certification:-:*:*:*:*:*:*:*", "matchCriteriaId": "1854E0A8-A08D-451E-9BDB-6548A9DD451D", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "redhat-certification does not properly sanitize paths in rhcertStore.py:__saveResultsFile. A remote attacker could use this flaw to overwrite any file, potentially gaining remote code execution."}, {"lang": "es", "value": "redhat-certification no sanea correctamente las rutas en rhcertStore.py:__saveResultsFile. Un atacante remoto podr\u00eda emplear este error para sobrescribir cualquier archivo, pudiendo ejecutar c\u00f3digo remotamente."}], "id": "CVE-2018-10870", "lastModified": "2024-11-21T03:42:11.087", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "secalert@redhat.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-07-19T22:29:00.293", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/104857"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:2373"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Mitigation", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10870"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/104857"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:2373"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Mitigation", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10870"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "This issue was discovered by Riccardo Schirone (Red Hat Product Security).", "affected_release": [{"advisory": "RHSA-2018:2373", "cpe": "cpe:/a:redhat:certifications:1::el7", "package": "redhat-certification-0:5.16-20180809.el7", "product_name": "Red Hat Certification for Red Hat Enterprise Linux 7", "release_date": "2018-08-09T00:00:00Z"}, {"advisory": "RHSA-2018:2373", "cpe": "cpe:/a:redhat:certifications:1::el7", "package": "redhat-certification-hardware-0:5.16-20180809.1.el7", "product_name": "Red Hat Certification for Red Hat Enterprise Linux 7", "release_date": "2018-08-09T00:00:00Z"}, {"advisory": "RHSA-2018:2373", "cpe": "cpe:/a:redhat:certifications:1::el7", "package": "redhat-certification-hardware-preview-0:5.16-20180809.1.el7", "product_name": "Red Hat Certification for Red Hat Enterprise Linux 7", "release_date": "2018-08-09T00:00:00Z"}], "bugzilla": {"description": "redhat-certification: rhcertStore.py: __saveResultsFile allows to write any file", "id": "1593803", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1593803"}, "csaw": false, "cvss3": {"cvss3_base_score": "9.8", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-22", "details": ["redhat-certification does not properly sanitize paths in rhcertStore.py:__saveResultsFile. A remote attacker could use this flaw to overwrite any file, potentially gaining remote code execution.", "It has been discovered that redhat-certification does not properly sanitize paths in rhcertStore.py:__saveResultsFile. A remote attacker could use this flaw to overwrite any file, potentially gaining remote code execution."], "mitigation": {"lang": "en:us", "value": "If SELinux is enabled it further restricts the set of files an attacker may write to. This prevents some basic attacks that would allow to gain remote code execution, though it is not excluded other means are possible."}, "name": "CVE-2018-10870", "package_state": [{"cpe": "cpe:/a:redhat:certifications:1::el6", "fix_state": "Not affected", "package_name": "redhat-certification", "product_name": "Red Hat Certification for Red Hat Enterprise Linux 6"}], "public_date": "2018-07-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2018-10870\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10870"], "threat_severity": "Critical"}