PT-2023-24377 · Hawtio · Hawtio

Poppingsnack · Published 2023-06-01 · Updated 2025-01-09 · CVE-2023-33544
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions: hawtio version 2.17.2
Description: Hawtio 2.17.2 decompresses user-supplied zip archives without validating the names of the entries they contain. An archive whose entry names carry path traversal sequences (for example `../` segments, or an absolute path) is extracted to locations outside the intended directory, so an attacker who can get a crafted zip file processed by the application can write or overwrite files at attacker-chosen paths on the host. This is a Path Traversal vulnerability in archive extraction, the pattern commonly referred to as Zip Slip; the CVSS vector (local, user interaction required, high integrity impact) reflects that the impact is file overwrite rather than disclosure or denial of service.
Recommendations: For hawtio version 2.17.2, restrict which zip files can be supplied and validate every entry before extraction: reject entry names containing `..` segments or absolute paths, and confirm that the fully resolved target path still lies inside the intended extraction directory (refusing the whole archive, not just the offending entry). As a temporary workaround, do not use the zip file upload feature until a patch is available. At the time of writing, no newer version containing a fix for this vulnerability has been identified.
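The following is an added example, not Hawtio code (Hawtio itself is Java; the equivalent Java check is `destDir.resolve(entryName).normalize().startsWith(destDir)`). It builds two constructed zip archives in memory, shows the naive join that produces the overwrite described above, and contrasts it with an audit-then-extract routine that resolves each entry against the destination and refuses the archive if any entry escapes. The archive contents, entry names and temporary directory are all constructed for this example.

```python
import io
import os
import tempfile
import zipfile
from pathlib import Path


def build_malicious_zip() -> bytes:
    """Constructed sample (not from the advisory): one benign entry plus two
    entry names that try to land outside the extraction directory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", "benign content\n")
        # Relative traversal: '..' segments walk out of the destination.
        zf.writestr("../../etc/overwritten.conf", "attacker controlled\n")
        # Absolute name: a naive join discards the destination entirely.
        zf.writestr("/tmp/absolute_overwrite.txt", "attacker controlled\n")
    return buf.getvalue()


def build_benign_zip() -> bytes:
    """Constructed sample archive with only well-behaved entry names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", "benign content\n")
        zf.writestr("docs/sub/notes.txt", "more benign content\n")
    return buf.getvalue()


def naive_target_path(dest_dir: Path, entry_name: str) -> Path:
    """The vulnerable pattern: join destination and entry name and write
    wherever the result points. os.path.join('/dest', '/tmp/x') is '/tmp/x'."""
    return Path(os.path.join(str(dest_dir), entry_name))


def is_entry_safe(dest_dir: Path, entry_name: str) -> bool:
    """Hardened check: resolve the candidate path and require that it stays
    inside dest_dir. Catches '..' segments and absolute entry names alike."""
    root = dest_dir.resolve()
    candidate = (root / entry_name).resolve()
    try:
        candidate.relative_to(root)
    except ValueError:
        return False
    return True


def audit_zip(data: bytes, dest_dir: Path) -> dict:
    """Classify every entry before anything touches the filesystem."""
    result = {"safe": [], "rejected": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            bucket = "safe" if is_entry_safe(dest_dir, info.filename) else "rejected"
            result[bucket].append(info.filename)
    return result


def safe_extract(data: bytes, dest_dir: Path) -> list:
    """Extract only after auditing; refuse the whole archive if any entry
    escapes, rather than silently skipping the bad entries."""
    audit = audit_zip(data, dest_dir)
    if audit["rejected"]:
        raise ValueError(f"refusing archive, traversal entries: {audit['rejected']}")
    root = dest_dir.resolve()
    root.mkdir(parents=True, exist_ok=True)
    written = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            target = root / info.filename
            if info.is_dir():
                target.mkdir(parents=True, exist_ok=True)
                continue
            target.parent.mkdir(parents=True, exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(info.filename)
    return written


def run_demo() -> dict:
    """Exercise both archives against a throwaway extraction directory."""
    dest = Path(tempfile.mkdtemp(prefix="zipslip-demo-")) / "extract"
    malicious = build_malicious_zip()
    out = {"audit": audit_zip(malicious, dest)}
    # Where the vulnerable pattern would have written the absolute-named entry.
    out["naive_absolute_target"] = str(naive_target_path(dest, "/tmp/absolute_overwrite.txt"))
    try:
        safe_extract(malicious, dest)
        out["malicious_extracted"] = True
    except ValueError:
        out["malicious_extracted"] = False
    out["benign_written"] = safe_extract(build_benign_zip(), dest)
    out["readme_exists"] = (dest / "docs" / "readme.txt").is_file()
    return out
```

Calling `run_demo()` reports the benign entry as safe, both traversal entries as rejected, the malicious archive refused in full, and the benign archive written under the destination. Because the whole archive is audited before any byte is written, and this extractor never creates symlinks, a symlink entry cannot be used to redirect a later entry in the same archive; extractors that do honour symlink entries must re-check each target against the real filesystem state at write time.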

Exploit

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2023-33544
GHSA-P223-C4W6-Q454

Affected Products

Hawtio