A carefully crafted request on UserPreferences.jsp could trigger a CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow the attacker to modify the email associated with the attacked account and then issue a reset password request from the login page.
References
Link | Resource |
---|---|
https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2022-28732 | Not Applicable Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: apache
Published: 2022-08-04T06:15:43
Updated: 2022-08-04T06:15:43
Reserved: 2022-04-05T00:00:00
Link: CVE-2022-28731
NVD Information
Status: Analyzed
Published: 2022-08-04T07:15:07.557
Modified: 2022-08-10T15:52:48.027
Link: CVE-2022-28731
Redhat Information
No data.
CWE