CVE-2018-10899
Published: 2019-08-01
Severity: High, 8.8 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
A flaw was found in Jolokia versions from 1.2 to before 1.6.1. Affected versions are vulnerable to a system-wide CSRF. This holds true for properly configured instances with strict checking for origin and referrer headers. This could result in a Remote Code Execution attack.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jolokia | jolokia | — | — |
| jolokia | jolokia | >= 1.2.0 < 1.6.1 | 1.6.1 |
| redhat | openstack | — | — |