CVE-2022-28731

Source
https://cve.org/CVERecord?id=CVE-2022-28731
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-28731.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-28731
Aliases
Published
2022-08-04T06:15:43Z
Modified
2026-07-08T06:03:51.982270875Z
Summary
Apache JSPWiki CSRF in UserPreferences.jsp
Details

A carefully crafted request on UserPreferences.jsp could trigger an CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow the attacker to modify the email associated with the attacked account, and then a reset password request from the login page.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/28xxx/CVE-2022-28731.json",
    "cna_assigner": "apache",
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "introduced": "Apache JSPWiki"
                },
                {
                    "last_affected": "Apache JSPWiki up to 2.11.2"
                }
            ],
            "source": "AFFECTED_FIELD"
        },
        {
            "extracted_events": [
                {
                    "fixed": "2.11.3"
                }
            ],
            "source": "DESCRIPTION"
        }
    ]
}
References

Affected packages

Git / github.com/apache/jspwiki

Affected ranges

Type
GIT
Repo
https://github.com/apache/jspwiki
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "cpe": "cpe:2.3:a:apache:jspwiki:*:*:*:*:*:*:*:*",
    "source": "CPE_RANGE",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.11.3"
        }
    ]
}

Affected versions

2.*
2.10.3
2.10.3-RC1
2.10.3-RC2
2.10.4
2.10.4-RC1
2.10.4-RC2
2.10.4-RC3
2.10.5
2.10.5-RC1
2.10.5-RC2
2.11.0
2.11.0-RC1
2.11.0-RC2
2.11.0.M1
2.11.0.M1-RC1
2.11.0.M1-RC2
2.11.0.M1.RC3
2.11.0.M2
2.11.0.M2-RC1
2.11.0.M3
2.11.0.M3-RC1
2.11.0.M3-RC2
2.11.0.M4
2.11.0.M4-RC1
2.11.0.M4-RC2
2.11.0.M5
2.11.0.M5-RC1
2.11.0.M5-RC2
2.11.0.M5-RC3
2.11.0.M6
2.11.0.M6-RC1
2.11.0.M7
2.11.0.M7-RC1
2.11.0.M8
2.11.0.M8-RC1
2.11.1
2.11.1-RC1
2.11.2
2.11.2-RC1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-28731.json"