CVE-2022-24947

HIGH8.8EPSS 1.8%

Cross Site Request Forgery in Apache JSPWiki

Published: 2/26/2022Modified: 11/8/2023

Description

Apache JSPWiki user preferences form is vulnerable to CSRF attacks, which can lead to account takeover. Apache JSPWiki users should upgrade to 2.11.2 or later.

Affected packages (1)

Maven/org.apache.jspwiki:jspwiki-mainfrom 0, < 2.11.2

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References (3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-24947
WEBhttps://lists.apache.org/thread/txrgykjkpt80t57kzpbjo8kfrv8ss02c
WEBhttp://www.openwall.com/lists/oss-security/2022/02/25/1