CVE-2022-28731

Name of the Vulnerable Software and Affected Versions Apache JSPWiki versions prior to 2.11.3

Description A carefully crafted request on "UserPreferences.jsp" could trigger a CSRF issue, allowing an attacker to modify the email associated with the attacked account, and then initiate a reset password request from the login page.

Recommendations For versions prior to 2.11.3, update to version 2.11.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the "UserPreferences.jsp" page until a patch is applied.