Improper Authorization
CVE-2017-2589
Summary
It was discovered that the hawtio-system and hawtio project versions through 1.4.68, 2.0.0 and 2.0.1 use a single HttpClient instance to proxy requests with a persistent cookie store (cookies are stored locally and are not passed between the client and the end URL) which means all clients using that proxy are sharing the same cookies.
- LOW
- NETWORK
- HIGH
- CHANGED
- REQUIRED
- LOW
- HIGH
- HIGH
CWE-285 - Improper Authorization
The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
Advisory Timeline
- Published
