GHSA-4284-x26r-4hhc

Source

https://github.com/advisories/GHSA-4284-x26r-4hhc

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-4284-x26r-4hhc/GHSA-4284-x26r-4hhc.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-4284-x26r-4hhc

Aliases

CVE-2022-24947

Published

2022-02-26T00:00:44Z

Modified

2023-11-08T04:08:40.339696Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Cross Site Request Forgery in Apache JSPWiki

Details

Apache JSPWiki user preferences form is vulnerable to CSRF attacks, which can lead to account takeover. Apache JSPWiki users should upgrade to 2.11.2 or later.

Database specific

{
    "github_reviewed": true,
    "severity": "HIGH",
    "github_reviewed_at": "2022-03-01T19:38:57Z",
    "nvd_published_at": "2022-02-25T09:15:00Z",
    "cwe_ids": [
        "CWE-352"
    ]
}

References

Affected packages

Maven / org.apache.jspwiki:jspwiki-main

Package

Name: org.apache.jspwiki:jspwiki-main; View open source insights on deps.dev
Purl: pkg:maven/org.apache.jspwiki/jspwiki-main

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.11.2

Affected versions

2.*

2.11.0.M1

2.11.0.M2

2.11.0.M3

2.11.0.M4

2.11.0.M5

2.11.0.M6

2.11.0.M7

2.11.0.M8

2.11.0

2.11.1

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-4284-x26r-4hhc/GHSA-4284-x26r-4hhc.json"