CVE-2022-34158: User Group Privilege Escalation
First published: Thu Aug 04 2022(Updated: )
A carefully crafted invocation on the Image plugin could trigger an CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow a group privilege escalation of the attacker's account. Further examination of this issue established that it could also be used to modify the email associated with the attacked account, and then a reset password request from the login page.
Credit: security@apache.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache JSPWiki | <2.11.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Apache JSPWiki CSRF vulnerability?
The vulnerability ID for this Apache JSPWiki CSRF vulnerability is CVE-2022-34158.
What is the severity of CVE-2022-34158?
CVE-2022-34158 has a severity score of 8.8, which is considered high.
How does the CSRF vulnerability on Apache JSPWiki before version 2.11.3 occur?
The CSRF vulnerability on Apache JSPWiki before version 2.11.3 occurs due to a carefully crafted invocation on the Image plugin.
What can an attacker achieve with this CSRF vulnerability?
An attacker can exploit this CSRF vulnerability to escalate their account privileges within a group and potentially modify the associated email.
How can I fix the CSRF vulnerability on Apache JSPWiki before version 2.11.3?
To fix the CSRF vulnerability on Apache JSPWiki before version 2.11.3, update to version 2.11.3 or later.
- collector/nvd-index
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/tags
- agent/type
- agent/description
- agent/first-publish-date
- agent/event
- vendor/apache
- canonical/apache jspwiki