CVE-2023-33544Path Traversal in Hawtio

CWE-22Path Traversal5 documents5 sources
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 80.69%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Hawt Hawtio
Timeline
PublishedJun 1

Description

hawtio 2.17.2 is vulnerable to Path Traversal. it is possible to input malicious zip files, which can result in the high-risk files after decompression being stored in any location, even leading to file overwrite.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages1 packages

NVDhawt/hawtio2.17.2

🔴Vulnerability Details

3
OSV
hawtio vulnerable to Path Traversal2023-06-01
GHSA
hawtio vulnerable to Path Traversal2023-06-01
CVEList
CVE-2023-33544: hawtio 22023-06-01

📋Vendor Advisories

1
Red Hat
hawtio: path traversal via unsafe zip decompression2023-06-01
CVE-2023-33544 — Path Traversal in Hawt Hawtio | cvebase