CVE-2022-28731

Severity: 6.5 MEDIUM
EPSS: 6.5% (top 8.87%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Aug 4; latest update Aug 5

Description

A carefully crafted request on UserPreferences.jsp could trigger a CSRF vulnerability in Apache JSPWiki before 2.11.3, which could allow the attacker to modify the email associated with the attacked account and then request a password reset from the login page.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Exploitability: 2.8 | Impact: 3.6

Affected Packages (3 packages)

NVD: apache/jspwiki < 2.11.3
CVEListV5: apache_software_foundation/apache_jspwiki (Apache JSPWiki): Apache JSPWiki up to 2.11.2

Vulnerability Details (3)

OSV: Apache JSPWiki CSRF due to crafted request on UserPreferences.jsp (2022-08-05)
GHSA: Apache JSPWiki CSRF due to crafted request on UserPreferences.jsp (2022-08-05)
CVEList: Apache JSPWiki CSRF in UserPreferences.jsp (2022-08-04)