CVE-2022-34158

A carefully crafted invocation on the Image plugin could trigger an CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow a group privilege escalation of the attacker's account. Further examination of this issue established that it could also be used to modify the email associated with the attacked account, and then a reset password request from the login page.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2022-34158	Vendor Advisory
https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2022-34158	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:jspwiki:*:*:*:*:*:*:*:*

History

21 Nov 2024, 07:08

Type	Values Removed	Values Added
References	~~() https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2022-34158 - Vendor Advisory~~	() https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2022-34158 - Vendor Advisory

10 Aug 2022, 15:53

Type	Values Removed	Values Added
References	~~(MISC) https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2022-34158 -~~	(MISC) https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2022-34158 - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 8.8
CWE		CWE-352
CPE		cpe:2.3:a:apache:jspwiki::::::::

04 Aug 2022, 07:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-08-04 07:15

Updated : 2024-11-21 07:08

NVD link : CVE-2022-34158

Mitre link : CVE-2022-34158

CVE.ORG link : CVE-2022-34158

JSON object : View

Products Affected

apache

jspwiki

CWE

CWE-352

Cross-Site Request Forgery (CSRF)

{"id": "CVE-2022-34158", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2022-08-04T07:15:07.650", "references": [{"url": "https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2022-34158", "tags": ["Vendor Advisory"], "source": "security@apache.org"}, {"url": "https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2022-34158", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "A carefully crafted invocation on the Image plugin could trigger an CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow a group privilege escalation of the attacker's account. Further examination of this issue established that it could also be used to modify the email associated with the attacked account, and then a reset password request from the login page."}, {"lang": "es", "value": "Una invocaci\u00f3n cuidadosamente dise\u00f1ada en el plugin Image podr\u00eda desencadenar una vulnerabilidad de tipo CSRF en Apache JSPWiki versiones anteriores a 2.11.3, que podr\u00eda permitir una escalada de privilegios de grupo de la cuenta del atacante. Un examen m\u00e1s detallado de este problema determin\u00f3 que tambi\u00e9n pod\u00eda usarse para modificar el correo electr\u00f3nico asociado a la cuenta atacada, y luego una petici\u00f3n de restablecimiento de contrase\u00f1a desde la p\u00e1gina de inicio de sesi\u00f3n"}], "lastModified": "2024-11-21T07:08:58.297", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:jspwiki:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "64A3E769-A3E7-4648-8792-5138BD591C1F", "versionEndExcluding": "2.11.3"}], "operator": "OR"}]}], "sourceIdentifier": "security@apache.org"}