GHSA-jp3m-p26h-mm7v · Severity: high · Ecosystem: maven — Apache JSPWiki CSRF due to crafted invocation on the Image plugin
A carefully crafted invocation on the Image plugin could trigger an CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow a group privilege escalation of the attacker's account. Further examination of this issue established that it could also be used to modify the email associated with the attacked account, and then a reset password request from the login page.
Conclusion & alert: CVE-2022-34158 is rated Moderate Risk (62.1/100): CVSS High severity, with medium exploitation likelihood (EPSS 1.10%). Mandatory action: Review affected assets and schedule remediation.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2025-11-21 | 1.30% | 1.10% | -0.20% |
| 2 | 2025-11-18 | 1.10% | 1.30% | +0.20% |
| 3 | 2025-08-11 | — | 1.10% | — |
Full EPSS history (7 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 8.8 | 3.1 | HIGH |
|
2.8 | 5.9 | [email protected] |
GHSA-jp3m-p26h-mm7v · Severity: high · Ecosystem: maven — Apache JSPWiki CSRF due to crafted invocation on the Image plugin
| vendor | priority | summary | link |
|---|---|---|---|
ubuntu
|
medium | CVE-2022-34158 medium priority: Ubuntu including 1 source packages (jspwiki), 6 status rows across 6 suites (bionic, focal, jammy, trusty, upstream, xenial): DNE 4, ignored 1, needs-triage 1. | https://ubuntu.com/security/CVE-2022-34158 |
| URL | Tags |
|---|---|
| https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2022-34158 | Vendor Advisory |