Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS00Mjg0LXgyNnItNGhoY80vIw
Cross Site Request Forgery in Apache JSPWiki
Apache JSPWiki user preferences form is vulnerable to CSRF attacks, which can lead to account takeover. Apache JSPWiki users should upgrade to 2.11.2 or later.
Permalink: https://github.com/advisories/GHSA-4284-x26r-4hhcJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS00Mjg0LXgyNnItNGhoY80vIw
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 2 years ago
Updated: about 1 year ago
CVSS Score: 8.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Identifiers: GHSA-4284-x26r-4hhc, CVE-2022-24947
References:
- https://nvd.nist.gov/vuln/detail/CVE-2022-24947
- https://lists.apache.org/thread/txrgykjkpt80t57kzpbjo8kfrv8ss02c
- http://www.openwall.com/lists/oss-security/2022/02/25/1
- https://github.com/advisories/GHSA-4284-x26r-4hhc
Affected Packages
maven:org.apache.jspwiki:jspwiki-main
Dependent packages: 8Dependent repositories: 20
Downloads:
Affected Version Ranges: < 2.11.2
Fixed in: 2.11.2
All affected versions: 2.11.0, 2.11.1
All unaffected versions: 2.11.2, 2.11.3, 2.12.0, 2.12.1