CSRF Vulnerability in Hawtio by Red Hat
CVE-2017-7556

8.8 HIGH

Key Information:

Vendor: Red Hat
Status: Vendor
CVE Published: 17 August 2017

Summary

Hawtio versions up to 1.5.3 are vulnerable to Cross-Site Request Forgery (CSRF). A remote attacker who entices a user to visit a malicious website hosting a harmful script can perform unauthorized actions on the Hawtio server on that user's behalf, compromising user data and system integrity. Updating to the latest version is recommended.

Affected Version(s)

hawtio up to and including 1.5.3

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
