CVE-2022-34158

A carefully crafted invocation on the Image plugin could trigger a CSRF vulnerability in Apache JSPWiki before 2.11.3, which could allow a group privilege escalation of the attacker's account. Further examination of this issue established that it could also be used to modify the email associated with the attacked account and then issue a password reset request from the login page.

Configurations

Configuration 1

cpe:2.3:a:apache:jspwiki:*:*:*:*:*:*:*:*

History

21 Nov 2024, 07:08

Type: References
  Values Removed: () https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2022-34158 - Vendor Advisory
  Values Added: () https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2022-34158 - Vendor Advisory

10 Aug 2022, 15:53

Type: References
  Values Removed: (MISC) https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2022-34158 -
  Values Added: (MISC) https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2022-34158 - Vendor Advisory
Type: CVSS
  Values Removed: v2 : unknown, v3 : unknown
  Values Added: v2 : unknown, v3 : 8.8
Type: CWE
  Values Added: CWE-352
Type: CPE
  Values Added: cpe:2.3:a:apache:jspwiki:*:*:*:*:*:*:*:*

04 Aug 2022, 07:15

Type: New CVE

Information

Published : 2022-08-04 07:15

Updated : 2024-11-21 07:08


NVD link : CVE-2022-34158

Mitre link : CVE-2022-34158

CVE.ORG link : CVE-2022-34158



Products Affected

apache

  • jspwiki

CWE

CWE-352

Cross-Site Request Forgery (CSRF)