Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS05eDlqLXZyaGotdjM2NM4AAtzi
Apache JSPWiki CSRF due to crafted request on UserPreferences.jsp
A carefully crafted request on UserPreferences.jsp could trigger an CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow the attacker to modify the email associated with the attacked account, and then a reset password request from the login page.
Permalink: https://github.com/advisories/GHSA-9x9j-vrhj-v364JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05eDlqLXZyaGotdjM2NM4AAtzi
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 1 year ago
Updated: about 1 year ago
CVSS Score: 6.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Identifiers: GHSA-9x9j-vrhj-v364, CVE-2022-28731
References:
- https://nvd.nist.gov/vuln/detail/CVE-2022-28731
- https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2022-28732
- https://github.com/advisories/GHSA-9x9j-vrhj-v364
Affected Packages
maven:org.apache.jspwiki:jspwiki-main
Dependent packages: 8Dependent repositories: 20
Downloads:
Affected Version Ranges: < 2.11.3
Fixed in: 2.11.3
All affected versions: 2.11.0, 2.11.1, 2.11.2
All unaffected versions: 2.11.3, 2.12.0, 2.12.1