CVE-2022-34158
N/A
N/A
Summary
A carefully crafted invocation on the Image plugin could trigger an CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow a group privilege escalation of the attacker's account. Further examination of this issue established that it could also be used to modify the email associated with the attacked account, and then a reset password request from the login page.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Apache Software Foundation | Apache JSPWiki | unspecified <= Apache JSPWiki up to 2.11.2 | affected |
Weaknesses
- CSRF group privilege escalation
Workarounds
Apache JSPWiki users should upgrade to 2.11.3 or later.
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.