Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-jp3m-p26h-mm7v: Apache JSPWiki CSRF due to crafted invocation on the Image plugin

A carefully crafted invocation on the Image plugin could trigger an CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow a group privilege escalation of the attacker’s account. Further examination of this issue established that it could also be used to modify the email associated with the attacked account, and then a reset password request from the login page.

ghsa
Open in Source
#csrf#vulnerability#apache#js#git

Apache JSPWiki CSRF due to crafted invocation on the Image plugin

High severity GitHub Reviewed Published Aug 5, 2022 • Updated Aug 11, 2022

Related news

CVE-2022-34158: JSPWiki: CVE-2022-34158Cve=title

A carefully crafted invocation on the Image plugin could trigger an CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow a group privilege escalation of the attacker's account. Further examination of this issue established that it could also be used to modify the email associated with the attacked account, and then a reset password request from the login page.

ghsa: Latest News

GHSA-27wf-5967-98gx: Kubernetes kubelet arbitrary command execution
ghsa