Lucene search

[email protected]NVD:CVE-2022-34158

HistoryAug 04, 2022 - 7:15 a.m.

CVE-2022-34158

2022-08-0407:15:07

CWE-352

[email protected]

web.nvd.nist.gov

csrf

apache jspwiki

privilege escalation

email modification

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.004

Percentile

73.4%

JSON

A carefully crafted invocation on the Image plugin could trigger an CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow a group privilege escalation of the attacker’s account. Further examination of this issue established that it could also be used to modify the email associated with the attacked account, and then a reset password request from the login page.

Affected configurations

Nvd

Node

apachejspwikiRange<2.11.3

VendorProductVersionCPE
apachejspwiki*cpe:2.3:a:apache:jspwiki:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apache	jspwiki	*	cpe:2.3:a:apache:jspwiki::::::::

References

jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2022-34158

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.004

Percentile

73.4%

JSON

Related for NVD:CVE-2022-34158

osv2 prion1 ubuntucve1 github1 cvelist1 cnvd1 veracode1 cve1 openvas1