PT-2019-8770 · Jolokia · Jolokia

Laura Pardo

Published

2019-08-01

Updated

2022-05-24

CVE-2018-10899

CVSS v3.1

8.1

High

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Jolokia versions 1.2 through 1.6.0

Description A flaw in the software makes it vulnerable to a system-wide CSRF attack, even in properly configured instances with strict checking for origin and referrer headers. This could potentially result in a Remote Code Execution attack.

Recommendations For Jolokia versions 1.2 through 1.6.0, update to version 1.6.1 or later to resolve the issue.

Fix

RCE

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20CWE-352

Related Identifiers

CVE-2018-10899

GHSA-XCXF-7Q4P-CJ26

Affected Products

Jolokia

PT-2019-8770 · Jolokia · Jolokia

CVE-2018-10899

Weakness Enumeration

Related Identifiers

Affected Products

References · 21