CVE-2022-34158

Name of the Vulnerable Software and Affected Versions Apache JSPWiki versions prior to 2.11.3

Description A carefully crafted invocation on the Image plugin could trigger a CSRF issue, allowing a group privilege escalation of the attacker's account. This could also be used to modify the email associated with the attacked account, and then a reset password request from the "login page" endpoint.

Recommendations For versions prior to 2.11.3, update to version 2.11.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the Image plugin until a patch is available. Avoid using the vulnerable Image plugin functionality in the affected API endpoints until the issue is resolved.