CVE-2022-34158

2022-08-0400:00:00

ubuntu.com

csrf vulnerability

apache jspwiki

privilege escalation

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.004

Percentile

73.4%

JSON

A carefully crafted invocation on the Image plugin could trigger an CSRF
vulnerability on Apache JSPWiki before 2.11.3, which could allow a group
privilege escalation of the attacker’s account. Further examination of this
issue established that it could also be used to modify the email associated
with the attacked account, and then a reset password request from the login
page.