The Apache JSPWiki user preferences form is vulnerable to CSRF attacks, which can lead to account takeover. Apache JSPWiki users should upgrade to 2.11.2 or later.
Fixes

Solution

No solution given by the vendor.


Workaround

Installations >= 2.7.0 can also enable user management workflows' manual approval to mitigate the issue.

History

No history.

MITRE

Status: PUBLISHED

Assigner: apache

Published:

Updated: 2024-08-03T04:29:01.578Z

Reserved: 2022-02-10T00:00:00

Link: CVE-2022-24947

Vulnrichment

No data.

NVD

Status: Modified

Published: 2022-02-25T09:15:07.007

Modified: 2024-11-21T06:51:26.323

Link: CVE-2022-24947

Redhat

No data.

OpenCVE Enrichment

No data.