PT-2021-5953 · Apache · Apache Jspwiki

Haby0 · Published 2021-11-23 · Updated 2021-11-29 · CVE-2021-44140

CVSS v2.0: 9.4 (Critical)
Vector: AV:N/AC:L/Au:N/C:N/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Apache JSPWiki versions up to 2.11.0.M8

Description: The issue is caused by inadequate access control in Apache JSPWiki. A remote attacker can delete arbitrary files on the system hosting a JSPWiki instance by sending a specially crafted HTTP request during logout. Only files that are accessible to the user account running the JSPWiki instance can be deleted.

Recommendations: For Apache JSPWiki versions up to 2.11.0.M8, upgrade to 2.11.0 or later to resolve the issue. As a temporary workaround, restrict the access of the account running JSPWiki to sensitive files and directories to minimize the risk of exploitation.

Fix

Weakness Enumeration

Incorrect Default Permissions

Related Identifiers

BDU:2022-00470
CVE-2021-44140
GHSA-8GW6-W5RW-4G5C

Affected Products

Apache Jspwiki