GHSA-9x9j-vrhj-v364

Source

https://github.com/advisories/GHSA-9x9j-vrhj-v364

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/08/GHSA-9x9j-vrhj-v364/GHSA-9x9j-vrhj-v364.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-9x9j-vrhj-v364

Aliases

CVE-2022-28731

Published

2022-08-05T00:00:30Z

Modified

2023-11-01T04:58:37.518005Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVSS Calculator

Summary

Apache JSPWiki CSRF due to crafted request on UserPreferences.jsp

Details

A carefully crafted request on UserPreferences.jsp could trigger an CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow the attacker to modify the email associated with the attacked account, and then a reset password request from the login page.

Database specific

{
    "nvd_published_at": "2022-08-04T07:15:00Z",
    "github_reviewed_at": "2022-08-11T15:51:10Z",
    "severity": "MODERATE",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-352"
    ]
}

References

Affected packages

Maven / org.apache.jspwiki:jspwiki-main

Package

Name: org.apache.jspwiki:jspwiki-main; View open source insights on deps.dev
Purl: pkg:maven/org.apache.jspwiki/jspwiki-main

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.11.3

Affected versions

2.*

2.11.0.M1

2.11.0.M2

2.11.0.M3

2.11.0.M4

2.11.0.M5

2.11.0.M6

2.11.0.M7

2.11.0.M8

2.11.0

2.11.1

2.11.2