A carefully crafted invocation on the Image plugin could trigger an CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow a group privilege escalation of the attacker's account. Further examination of this issue established that it could also be used to modify the email associated with the attacked account, and then a reset password request from the login page.
References
Link | Resource |
---|---|
https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2022-34158 | Vendor Advisory |
https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2022-34158 | Vendor Advisory |
Configurations
History
21 Nov 2024, 07:08
Type | Values Removed | Values Added |
---|---|---|
References | () https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2022-34158 - Vendor Advisory |
10 Aug 2022, 15:53
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2022-34158 - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
CWE | CWE-352 | |
CPE | cpe:2.3:a:apache:jspwiki:*:*:*:*:*:*:*:* |
04 Aug 2022, 07:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-08-04 07:15
Updated : 2024-11-21 07:08
NVD link : CVE-2022-34158
Mitre link : CVE-2022-34158
CVE.ORG link : CVE-2022-34158
JSON object : View
Products Affected
apache
- jspwiki
CWE
CWE-352
Cross-Site Request Forgery (CSRF)