CVE-2022-28731: Apache JSPWiki CSRF in UserPreferences.jsp
First published: Thu Aug 04 2022(Updated: )
A carefully crafted request on UserPreferences.jsp could trigger an CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow the attacker to modify the email associated with the attacked account, and then a reset password request from the login page.
Credit: security@apache.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache JSPWiki | <2.11.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the CVE ID of this vulnerability?
The CVE ID of this vulnerability is CVE-2022-28731.
What is the severity of CVE-2022-28731?
The severity of CVE-2022-28731 is medium with a severity value of 6.5.
How does CVE-2022-28731 affect Apache JSPWiki?
CVE-2022-28731 affects Apache JSPWiki versions up to and including 2.11.3.
What is the impact of CVE-2022-28731?
The impact of CVE-2022-28731 is that it allows an attacker to modify the email associated with the targeted account and initiate a password reset request.
Is there a fix available for CVE-2022-28731?
Yes, a fix is available for CVE-2022-28731. It is recommended to upgrade Apache JSPWiki to version 2.11.4 or later.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/title
- agent/references
- agent/weakness
- agent/author
- agent/tags
- agent/description
- agent/event
- agent/first-publish-date
- vendor/apache
- canonical/apache jspwiki