[CVE-2022-28731] Apache JSPWiki CSRF in UserPreferences.jsp#
Severity
Critical
Vendor
The Apache Software Foundation
Versions Affected
Apache JSPWiki up to 2.11.2
Description
A carefully crafted request on UserPreferences.jsp could trigger an CSRF vulnerability on Apache JSPWiki, which could allow the attacker to modify the email associated with the attacked account, and then a reset password request from the login page.
Mitigation
Apache JSPWiki users should upgrade to 2.11.3 or later. Installations >= 2.7.0 can also enable user management workflows' manual approval to mitigate the issue.
Credit
This issue was discovered by Fabrice Perez, <fabioperez AT gmail DOT com>
CVE
.feather {
background-image:url(
);
background-repeat:no-repeat;
background-position:top;
background-size:48px;
text-align:center;
}
);
background-repeat:no-repeat;
background-position:top;
background-size:48px;
text-align:center;
}
Copyright © 2024 The Apache Software Foundation,
Licensed under the Apache License, Version 2.0
.
Apache and the Apache feather logo are trademarks of The Apache Software Foundation.
Licensed under the Apache License, Version 2.0
.Apache and the Apache feather logo are trademarks of The Apache Software Foundation.