This page (revision-6) was last changed on 24-Feb-2022 22:33 by Juan Pablo 

This page was created on 11-Feb-2022 22:12 by Juan Pablo

| Version | Date Modified | Size | Author | Changes ... | Change note |
|---|---|---|---|---|---|
| 6 | 24-Feb-2022 22:33 | 838 bytes | Juan Pablo | to previous | |
| 5 | 20-Feb-2022 21:09 | 840 bytes | Juan Pablo | to previous \| to last | Add extra mitigation measure |
| 4 | 20-Feb-2022 21:03 | 735 bytes | Juan Pablo | to previous \| to last | Update with JSPWIKI-79 |
| 3 | 19-Feb-2022 13:40 | 568 bytes | Juan Pablo | to previous \| to last | |
| 2 | 11-Feb-2022 22:14 | 840 bytes | Juan Pablo | to previous \| to last | CVE-2022-24947 |
| 1 | 11-Feb-2022 22:12 | 702 bytes | Juan Pablo | to last | CVE-2022-24947 |

Difference between version and

At line 15 changed one line
Apache JSPWiki user preferences form is vulnerable to CSRF attacks, which can lead to account takeover. When investigating the issue the Apache JSPWiki noticed that the same technique can be used to add or remove people from wiki-groups.
Apache JSPWiki user preferences form is vulnerable to CSRF attacks, which can lead to account takeover. When investigating the issue, the Apache JSPWiki noticed that the same technique can be used to add or remove people from wiki groups.
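Review bot: the revised sentence still reads "the Apache JSPWiki noticed", so the subject of "noticed" is missing a noun. The sentence added at line 21 says "The Apache JSPWiki team", so use "the Apache JSPWiki team noticed" here as well. It would also help to name which forms are affected in the same terms in both places: this line describes the second one as adding or removing people from wiki groups, while the line 21 text calls it the group management screen.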
At line 21 changed one line
This issue was discovered by Paulos Yibelo, from Octagon Networks.
This issue was discovered by Paulos Yibelo, from Octagon Networks. The Apache JSPWiki team investigated the issue further and found that the vulnerability was also present on the group management screen.
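Review bot: the sentence added after the credit repeats the finding already stated in the description at line 15, that the same technique works against group membership. Consider stating the scope once in the description and keeping this line to attribution only, for example crediting the team for the group management finding without restating the impact.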