CVE-2022-24947 – org.apache.jspwiki:jspwiki-main
Package
Manager: maven
Name: org.apache.jspwiki:jspwiki-main
Vulnerable Version: >=0 <2.11.2
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.02134 (percentile: 0.83521)
Details
Cross Site Request Forgery in Apache JSPWiki
Apache JSPWiki user preferences form is vulnerable to CSRF attacks, which can lead to account takeover. Apache JSPWiki users should upgrade to 2.11.2 or later.
Metadata
Created: 2022-02-26T00:00:44Z
Modified: 2022-03-07T13:37:09Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-4284-x26r-4hhc/GHSA-4284-x26r-4hhc.json
CWE IDs: ["CWE-352"]
Alternative ID: GHSA-4284-x26r-4hhc
Finding: F007
Auto approve: 1