Veracode Vulnerability Database, VERACODE:36606
Aug 05, 2022 - 5:04 a.m.

Cross-Site Request Forgery (CSRF)

2022-08-05 05:04:18
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
cross-site request forgery
image plugin
remote attacker
group privilege escalation
account manipulation
email modification
reset password request

EPSS

0.004

Percentile

73.4%

org.apache.jspwiki:jspwiki-builder and org.apache.jspwiki:jspwiki-war are vulnerable to cross-site request forgery (CSRF). A remote attacker can trigger a CSRF attack on the Image plugin by sending a specially crafted request, which allows a group privilege escalation of the attacker’s account. Further exploitation may allow the attacker to modify the email associated with the victim’s account and then send a reset password request from the login page.
