CVE-2022-28731 – org.apache.jspwiki:jspwiki-main
Package
Manager: maven
Name: org.apache.jspwiki:jspwiki-main
Vulnerable Version: >=0 <2.11.3
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
EPSS: 0.07956 (percentile 0.91727)
Details
Apache JSPWiki CSRF due to crafted request on UserPreferences.jsp
A carefully crafted request on UserPreferences.jsp could trigger a CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow the attacker to modify the email associated with the attacked account and then request a password reset from the login page.
Metadata
Created: 2022-08-05T00:00:30Z
Modified: 2022-08-11T15:51:10Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/08/GHSA-9x9j-vrhj-v364/GHSA-9x9j-vrhj-v364.json
CWE IDs: ["CWE-352"]
Alternative ID: GHSA-9x9j-vrhj-v364
Finding: F007
Auto approve: 1