CVE-2022-24947

Summary

Apache JSPWiki user preferences form is vulnerable to CSRF attacks, which can lead to account takeover. Apache JSPWiki users should upgrade to 2.11.2 or later.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache JSPWikiApache JSPWiki up to 2.11.1affected

Weaknesses

  • CSRF Account Takeover

Workarounds

Installations >= 2.7.0 can also enable user management workflows' manual approval to mitigate the issue.

ADP Enrichment

CVE Program Container

Additional References

References