A carefully crafted request on UserPreferences.jsp could trigger an CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow the attacker to modify the email associated with the attacked account, and then a reset password request from the login page.
References
Link | Resource |
---|---|
https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2022-28732 | Not Applicable Vendor Advisory |
https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2022-28732 | Not Applicable Vendor Advisory |
Configurations
History
21 Nov 2024, 06:57
Type | Values Removed | Values Added |
---|---|---|
References | () https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2022-28732 - Not Applicable, Vendor Advisory |
10 Aug 2022, 15:52
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:apache:jspwiki:*:*:*:*:*:*:*:* | |
References | (MISC) https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2022-28732 - Not Applicable, Vendor Advisory | |
CWE | CWE-352 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
04 Aug 2022, 07:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-08-04 07:15
Updated : 2024-11-21 06:57
NVD link : CVE-2022-28731
Mitre link : CVE-2022-28731
CVE.ORG link : CVE-2022-28731
JSON object : View
Products Affected
apache
- jspwiki
CWE
CWE-352
Cross-Site Request Forgery (CSRF)