CVE-2023-33544
Published 2023-06-01
Priority: P4 · 24 · medium · 5.5 (CVSS 3.1)
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
EPSS: 0.30% (22.0th percentile)
hawtio 2.17.2 is vulnerable to Path Traversal. It is possible to input malicious zip files, which can result in the high-risk files after decompression being stored in any location, even leading to file overwrite.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hawt | hawtio | — | — |
CVSS provenance
nvd · v3.1 · 5.5 MEDIUM · CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
vendor_redhat · 5.5 MEDIUM
Red Hat
hawtio: path traversal via unsafe zip decompression
vendor_redhat·2023-06-01·CVSS 5.5
CVE-2023-33544 [MEDIUM] CWE-22 hawtio: path traversal via unsafe zip decompression
hawtio 2.17.2 is vulnerable to Path Traversal. It is possible to input malicious zip files, which can result in the high-risk files after decompression being stored in any location, even leading to file overwrite.
Package: hawtio (Red Hat AMQ Broker 7) - Not affected
Package: hawtio (Red Hat Fuse 7) - Not affected
Package: hawtio (Red Hat JBoss Data Grid 7) - Not affected
Package: hawtio (Red Hat JBoss Data Virtualization 6) - Out of support scope
Package: hawtio (Red Hat JBoss Enterprise Application Platform 7) - Not affected
Package: hawtio (Red Hat JBoss Enterprise Application Platform Expansion Pack) - Not affected
Package: hawtio (Red Hat JBoss Fuse 6) - Out of support scope
Package: hawtio (Red Hat JBoss Fuse Service Works
OSV
hawtio vulnerable to Path Traversal
osv·2023-06-01
CVE-2023-33544 [MEDIUM] hawtio vulnerable to Path Traversal
hawtio 2.17.2 is vulnerable to Path Traversal. It is possible to input malicious zip files, which can result in the high-risk files after decompression being stored in any location, even leading to file overwrite.
GHSA
hawtio vulnerable to Path Traversal
ghsa·2023-06-01
CVE-2023-33544 [MEDIUM] CWE-22 hawtio vulnerable to Path Traversal
hawtio 2.17.2 is vulnerable to Path Traversal. It is possible to input malicious zip files, which can result in the high-risk files after decompression being stored in any location, even leading to file overwrite.
No detection rules found.
No public exploits indexed.