hawtio-system is vulnerable to cross-site request forgery (CSRF). The library uses the incorrect header in its CORS filters, so a malicious user who redirects another user to a malicious website can have that site perform actions as the target user.

Name | Operator | Version
---|---|---
hawtio-system | le | 1.5.3
hawtio-core | eq | 1.5.3