hawtio-system is vulnerable to server-side request forgery (SSRF). A proxy whitelist intended to prevent access to arbitrary URLs is configured, but the vulnerability still exists because it is possible to submit HTTP requests to local addresses through the /proxy/ servlet page. This allows a remote attacker to access restricted resources that are only accessible from the server's local subnet.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | hawtio-system | le | 1.4.68 |
| | hawtio-system | le | 1.4.26 |
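
The kind of check the description calls for, as an added example (not hawtio's code or its fix): a proxy target is accepted only if its host is allowlisted and every address it resolves to lies outside loopback, private and link-local ranges. The allowlist entries, function names and DNS answers are hypothetical.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Hypothetical allowlist for this example; not hawtio's configuration.
ALLOWED_HOSTS = {"jolokia.example.com", "metrics.example.internal"}

def system_resolve(host):
    """Every address the name currently maps to."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}

def is_local(addr):
    """True for addresses a proxy endpoint should never be steered to."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return True  # unparseable address: fail closed
    if ip.version == 6 and ip.ipv4_mapped:
        ip = ip.ipv4_mapped  # judge ::ffff:a.b.c.d by its IPv4 part
    return (ip.is_loopback or ip.is_private or ip.is_link_local
            or ip.is_unspecified or ip.is_multicast or ip.is_reserved)

def check_proxy_target(url, allowed=ALLOWED_HOSTS, resolve=system_resolve):
    """Return (ok, reason) for a URL submitted to a /proxy/-style endpoint."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, "scheme"
    host = (parts.hostname or "").rstrip(".").lower()
    if host not in allowed:
        return False, "not-allowlisted"
    try:
        addrs = resolve(host)
    except OSError:
        return False, "unresolvable"
    # A name passing the allowlist is not enough: check where it points.
    if not addrs or any(is_local(a) for a in addrs):
        return False, "local-address"
    return True, "ok"

if __name__ == "__main__":
    # Constructed DNS answers so the demo runs offline.
    fake_dns = {"jolokia.example.com": {"93.184.216.34"},
                "metrics.example.internal": {"10.0.0.5"},
                "localhost": {"127.0.0.1", "::1"}}
    for url, allow in [("http://jolokia.example.com/jolokia", ALLOWED_HOSTS),
                       ("http://metrics.example.internal/", ALLOWED_HOSTS),
                       ("http://localhost:8080/", {"localhost"}),
                       ("http://127.0.0.1:8080/", ALLOWED_HOSTS)]:
        print(url, check_proxy_target(url, allow, fake_dns.__getitem__))
```

The proxy should connect to the address that was checked rather than resolve the name a second time, and apply the same check to every redirect it follows.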