CVE-2017-7556

Name of the Vulnerable Software and Affected Versions Hawtio versions up to and including 1.5.3

Description The issue allows remote attackers to trick the user into visiting a website containing a malicious script, which can then be submitted to the Hawtio server on behalf of the user. This is due to a CSRF flaw that enables unrelated websites to perform actions as the authenticated user. Attackers could exploit this to trick users into visiting their website, which contains a malicious script that can be submitted to the Hawtio server.

Recommendations For Hawtio versions up to and including 1.5.3, update to a version later than 1.5.3 to resolve the issue. As a temporary workaround, consider implementing additional CSRF protection measures to minimize the risk of exploitation.