GHSA-q4q2-fvwf-6ghv

Source
https://github.com/advisories/GHSA-q4q2-fvwf-6ghv
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-q4q2-fvwf-6ghv/GHSA-q4q2-fvwf-6ghv.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-q4q2-fvwf-6ghv
Aliases
Published
2022-05-13T01:36:16Z
Modified
2023-11-08T03:59:25.173379Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Cross-Site Request Forgery in hawtio
Details

It was found that hawtio contains a CSRF flaw that allows unrelated websites to perform actions as the authenticated user. An attacker could exploit this vulnerability by tricking the user into visiting the attacker's website, which contains a malicious script that can be submitted to the hawtio server on behalf of the user.

References

Affected packages

Maven / io.hawt:project

Package

Name
io.hawt:project
Purl
pkg:maven/io.hawt/project

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.5.4

Affected versions

1.*

1.0
1.1
1.2-M1
1.2-M2
1.2-M3
1.2-M4
1.2-M5
1.2-M6
1.2-M7
1.2-M8
1.2-M9
1.2-M10
1.2-M11
1.2-M13
1.2-M14
1.2-M16
1.2-M19
1.2-M20
1.2-M22
1.2-M23
1.2-M24
1.2-M25
1.2-M26
1.2-M27
1.2.0
1.2.1
1.2.2
1.2.3
1.3.0
1.3.1
1.4.0
1.4.1
1.4.2
1.4.4
1.4.5
1.4.6
1.4.7
1.4.8
1.4.9
1.4.10
1.4.11
1.4.12
1.4.14
1.4.15
1.4.16
1.4.17
1.4.18
1.4.19
1.4.20
1.4.21
1.4.22
1.4.23
1.4.24
1.4.25
1.4.26
1.4.27
1.4.28
1.4.29
1.4.30
1.4.31
1.4.32
1.4.33
1.4.34
1.4.35
1.4.36
1.4.37
1.4.38
1.4.39
1.4.40
1.4.41
1.4.42
1.4.43
1.4.44
1.4.45
1.4.46
1.4.47
1.4.48
1.4.49
1.4.50
1.4.51
1.4.52
1.4.53
1.4.54
1.4.55
1.4.56
1.4.57
1.4.58
1.4.59
1.4.60
1.4.61
1.4.62
1.4.63
1.4.64
1.4.65
1.4.66
1.4.67
1.4.68
1.5.0
1.5.X
1.5.1
1.5.2
1.5.3