{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-05T23:23:11.236","vulnerabilities":[{"cve":{"id":"CVE-2022-34158","sourceIdentifier":"security@apache.org","published":"2022-08-04T07:15:07.650","lastModified":"2024-11-21T07:08:58.297","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A carefully crafted invocation on the Image plugin could trigger an CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow a group privilege escalation of the attacker's account. Further examination of this issue established that it could also be used to modify the email associated with the attacked account, and then a reset password request from the login page."},{"lang":"es","value":"Una invocación cuidadosamente diseñada en el plugin Image podría desencadenar una vulnerabilidad de tipo CSRF en Apache JSPWiki versiones anteriores a 2.11.3, que podría permitir una escalada de privilegios de grupo de la cuenta del atacante. Un examen más detallado de este problema determinó que también podía usarse para modificar el correo electrónico asociado a la cuenta atacada, y luego una petición de restablecimiento de contraseña desde la página de inicio de sesión"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-352"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:jspwiki:*:*:*:*:*:*:*:*","versionEndExcluding":"2.11.3","matchCriteriaId":"64A3E769-A3E7-4648-8792-5138BD591C1F"}]}]}],"references":[{"url":"https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2022-34158","source":"security@apache.org","tags":["Vendor Advisory"]},{"url":"https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2022-34158","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}