Description

Hawtio versions up to and including 1.5.3 are vulnerable to CSRF vulnerability allowing remote attackers to trick the user to visit their website containing a malicious script which can be submitted to hawtio server on behalf of the user.

Remediation

References

http://www.securityfocus.com/bid/100411

https://bugzilla.redhat.com/show_bug.cgi?id=1480060

Related Vulnerabilities

CVE-2021-23507 Vulnerability in npm package object-path-set

CVE-2021-44667 Vulnerability in maven package com.alibaba.nacos:nacos-common

CVE-2017-1000188 Vulnerability in maven package org.webjars.npm:ejs

CVE-2020-28472 Vulnerability in maven package org.webjars.bower:aws-sdk

CVE-2017-2638 Vulnerability in maven package org.infinispan:infinispan-compatibility-mode-it

Severity

Critical

Classification

CWE-352 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Third Party Advisory VDB Entry Issue Tracking