Lucene search
ApacheCVELIST:CVE-2022-34158HistoryAug 04, 2022 - 6:16 a.m.
CVE-2022-34158 User Group Privilege Escalation
2022-08-0406:16:11
apache
www.cve.org
4
csrf vulnerability
apache jspwiki
user group privilege escalation
A carefully crafted invocation on the Image plugin could trigger an CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow a group privilege escalation of the attacker’s account. Further examination of this issue established that it could also be used to modify the email associated with the attacked account, and then a reset password request from the login page.
CNA Affected
[
{
"product": "Apache JSPWiki",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "Apache JSPWiki up to 2.11.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Related
osv
osv
Apache JSPWiki CSRF due to crafted invocation on the Image plugin
2022-08-05 00:00:31
CVE-2022-34158
2022-08-04 07:15:07
cnvd
cnvd
Apache JSPWiki Cross-Site Request Forgery Vulnerability (CNVD-2022-61913)
2022-08-08 00:00:00
veracode
veracode
Cross-Site Request Forgery (CSRF)
2022-08-05 05:04:18
nvd
nvd
CVE-2022-34158
2022-08-04 07:15:07
prion
prion
Cross site request forgery (csrf)
2022-08-04 07:15:00
ubuntucve
ubuntucve
CVE-2022-34158
2022-08-04 00:00:00
github
github
Apache JSPWiki CSRF due to crafted invocation on the Image plugin
2022-08-05 00:00:31
cve
cve
CVE-2022-34158
2022-08-04 07:15:07
openvas
openvas
Apache JSPWiki < 2.11.3 Multiple Vulnerabilities
2022-08-05 00:00:00