Back to search
CVE-2022-34158
Published: Aug 4, 2022
Modified: Aug 3, 2024
PUBLISHED
Description
A carefully crafted invocation on the Image plugin could trigger an CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow a group privilege escalation of the attacker's account. Further examination of this issue established that it could also be used to modify the email associated with the attacked account, and then a reset password request from the login page.
| Vendor | Product | Versions |
|---|---|---|
Apache Software Foundation | Apache JSPWiki | affected unspecified - <= Apache JSPWiki up to 2.11.2 |
References
https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2022-34158
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now