[CVE-2022-24947] Apache JSPWiki CSRF Account Takeover
Severity
Critical
Vendor
The Apache Software Foundation
Versions Affected
Apache JSPWiki up to 2.11.1
Description
The Apache JSPWiki user preferences form is vulnerable to CSRF attacks, which can lead to account takeover. While investigating the issue, the Apache JSPWiki team noticed that the same technique can be used to add people to or remove them from wiki groups.
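The defensive pattern that closes this class of bug is the synchronizer token: a secret bound to the server-side session, embedded in the form the site itself rendered, and required on every state-changing POST. The example below is an added illustration written for this advisory, not JSPWiki's code or its 2.11.2 fix; the session and request model, the `/preferences` path and the origins are constructed. It runs a forged cross-site submission and a legitimate one through a handler with no CSRF check (the pattern behind the advisory) and through a hardened handler that checks the `Origin` header, compares the token in constant time and consumes it after use.

```python
"""
Synchronizer-token CSRF protection for a settings form, shown with an
in-memory session and request model. Illustrative code for this advisory,
not JSPWiki's implementation.
"""
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional


@dataclass
class Session:
    """Server-side state for one logged-in user (constructed model)."""
    user: str
    email: str
    csrf_token: Optional[str] = None


@dataclass
class Request:
    """The parts of an HTTP POST that matter for a CSRF decision (constructed model).

    The browser attaches the session cookie automatically, even to a POST that
    another site's page triggered, so every request here is already tied to a
    Session; the cookie alone proves nothing about where the form came from.
    """
    form: dict
    origin: Optional[str] = None  # Origin header, if the browser sent one


def render_preferences_form(session: Session) -> str:
    """Issue a fresh per-session token and embed it as a hidden field.

    The token exists only in the server session and in the markup this site
    served to the user; a page on another origin cannot read it.
    """
    session.csrf_token = secrets.token_urlsafe(32)
    return (
        '<form method="post" action="/preferences">'   # constructed path
        f'<input type="hidden" name="csrf_token" value="{session.csrf_token}">'
        '<input name="email"> <button>Save</button></form>'
    )


def update_preferences_vulnerable(session: Session, req: Request) -> bool:
    """No CSRF check: any POST that carries the session cookie is honoured."""
    session.email = req.form["email"]
    return True


def update_preferences_hardened(session: Session, req: Request, site_origin: str) -> bool:
    """Apply the update only if the POST provably came from a page this site served."""
    # Defence 1: when the browser reports an Origin, it must be ours.
    if req.origin is not None and req.origin != site_origin:
        return False
    # Defence 2: the synchronizer token must be present and match the session's
    # token; compare_digest avoids leaking the token through timing.
    submitted = req.form.get("csrf_token", "")
    if not session.csrf_token or not hmac.compare_digest(submitted, session.csrf_token):
        return False
    # Defence 3: consume the token so a captured form cannot be resubmitted.
    session.csrf_token = None
    session.email = req.form["email"]
    return True


def demo() -> dict:
    """Run a forged and a legitimate submission through both handlers."""
    site = "https://wiki.example.org"  # constructed origin of the wiki
    results = {}

    # A page on another origin auto-submits the form: the cookie rides along,
    # but the Origin header names that other site and no token is known.
    forged = Request(form={"email": "changed@example.net"},
                     origin="https://other.example.net")

    s = Session(user="alice", email="alice@example.org")
    results["vulnerable_forged"] = update_preferences_vulnerable(s, forged)

    s = Session(user="alice", email="alice@example.org")
    render_preferences_form(s)
    results["hardened_forged"] = update_preferences_hardened(s, forged, site)
    results["email_after_forged"] = s.email

    # Legitimate submission: the user loaded the form, so the token is present.
    render_preferences_form(s)
    legit = Request(form={"email": "alice.new@example.org", "csrf_token": s.csrf_token},
                    origin=site)
    results["hardened_legit"] = update_preferences_hardened(s, legit, site)
    results["email_after_legit"] = s.email

    # Replaying the same form is refused because the token was consumed.
    results["hardened_replay"] = update_preferences_hardened(s, legit, site)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The `Origin` check alone is not sufficient, since some clients omit the header, and the token alone is what most frameworks rely on; checking both costs little. Consuming the token after use is a design choice that trades a slightly worse multi-tab experience for replay resistance; rotating it per request or per login is the more common middle ground.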
Mitigation
Apache JSPWiki users should upgrade to 2.11.2 or later.
Credit
This issue was discovered by Paulos Yibelo, from Octagon Networks.
CVE
CVE-2022-24947