{
"id": "CVE-2022-34158",
"sourceIdentifier": "security@apache.org",
"published": "2022-08-04T07:15:07.650",
"lastModified": "2024-11-21T07:08:58.297",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A carefully crafted invocation on the Image plugin could trigger a CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow a group privilege escalation of the attacker's account. Further examination of this issue established that it could also be used to modify the email associated with the attacked account, and then to issue a reset password request from the login page."
},
{
"lang": "es",
"value": "Una invocaci\u00f3n cuidadosamente dise\u00f1ada en el plugin Image podr\u00eda desencadenar una vulnerabilidad de tipo CSRF en Apache JSPWiki versiones anteriores a 2.11.3, que podr\u00eda permitir una escalada de privilegios de grupo de la cuenta del atacante. Un examen m\u00e1s detallado de este problema determin\u00f3 que tambi\u00e9n pod\u00eda usarse para modificar el correo electr\u00f3nico asociado a la cuenta atacada, y luego una petici\u00f3n de restablecimiento de contrase\u00f1a desde la p\u00e1gina de inicio de sesi\u00f3n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:jspwiki:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.11.3",
"matchCriteriaId": "64A3E769-A3E7-4648-8792-5138BD591C1F"
}
]
}
]
}
],
"references": [
{
"url": "https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2022-34158",
"source": "security@apache.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2022-34158",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}
]
} |