Lucene search
Ubuntu.comUB:CVE-2022-28731HistoryAug 04, 2022 - 12:00 a.m.
CVE-2022-28731
2022-08-0400:00:00
ubuntu.com
ubuntu.com
15
csrf
apache jspwiki
2.11.3
userpreferences.jsp
email modification
reset password
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
EPSS
0.001
Percentile
27.3%
A carefully crafted request on UserPreferences.jsp could trigger an CSRF
vulnerability on Apache JSPWiki before 2.11.3, which could allow the
attacker to modify the email associated with the attacked account, and then
a reset password request from the login page.
Related
cve
cve
CVE-2022-28731
2022-08-04 07:15:07
nvd
nvd
CVE-2022-28731
2022-08-04 07:15:07
github
github
Apache JSPWiki CSRF due to crafted request on UserPreferences.jsp
2022-08-05 00:00:30
cnvd
cnvd
Apache JSPWiki Cross-Site Request Forgery Vulnerability (CNVD-2022-76239)
2022-08-08 00:00:00
prion
prion
Cross site request forgery (csrf)
2022-08-04 07:15:00
veracode
veracode
Cross-Site Request Forgery (CSRF)
2022-08-05 04:01:08
cvelist
cvelist
CVE-2022-28731 Apache JSPWiki CSRF in UserPreferences.jsp
2022-08-04 06:15:43
osv
osv
CVE-2022-28731
2022-08-04 07:15:07
Apache JSPWiki CSRF due to crafted request on UserPreferences.jsp
2022-08-05 00:00:30
openvas
openvas
Apache JSPWiki < 2.11.3 Multiple Vulnerabilities
2022-08-05 00:00:00
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
EPSS
0.001
Percentile
27.3%
Related for UB:CVE-2022-28731