Lucene search
GitHub Advisory DatabaseGHSA-FJHW-8222-G2HGHistoryMay 17, 2022 - 4:31 a.m.
Cross-Site Request Forgery in Jolokia
2022-05-1704:31:39
CWE-352
GitHub Advisory Database
github.com
11
csrf
jolokia
vulnerability
remote attackers
authentication
mbeans
web page
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
0.002
Percentile
55.7%
Cross-site request forgery (CSRF) vulnerability in Jolokia before 1.2.1 allows remote attackers to hijack the authentication of users for requests that execute MBeans methods via a crafted web page.
Affected configurations
Node
org.jolokiajolokia-coreRange<1.2.1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| org.jolokia | jolokia-core | * | cpe:2.3:a:org.jolokia:jolokia-core:*:*:*:*:*:*:*:* |
Related
osv
osv
Cross-Site Request Forgery in Jolokia
2022-05-17 04:31:39
prion
prion
Cross site request forgery (csrf)
2014-10-06 14:55:00
cvelist
cvelist
CVE-2014-0168
2014-10-06 14:00:00
nvd
nvd
CVE-2014-0168
2014-10-06 14:55:08
cve
cve
CVE-2014-0168
2014-10-06 14:55:08
redhat
redhat
(RHSA-2014:1351) Important: Red Hat JBoss Fuse/A-MQ 6.1.0 security update
2014-10-01 18:06:06
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
0.002
Percentile
55.7%
Related for GHSA-FJHW-8222-G2HG