Vulnerabilities > CVE-2022-32533 - Unspecified vulnerability in Apache Jetspeed

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

apache

critical

NVD

Published: 2022-07-06

Updated: 2024-04-11

Summary

Apache Jetspeed-2 does not sufficiently filter untrusted user input by default leading to a number of issues including XSS, CSRF, XXE, and SSRF. Setting the configuration option "xss.filter.post = true" may mitigate these issues. NOTE: Apache Jetspeed is a dormant project of Apache Portals and no updates will be provided for this issue

Vulnerable Configurations

Part	Description	Count
Application	Apache Apache Jetspeed 2.2.0 Apache Jetspeed 2.2.1 Apache Jetspeed 2.2.2 Apache Jetspeed 2.3.0 Apache Jetspeed 2.3.1	5

References

https://www.openwall.com/lists/oss-security/2022/07/06/1
https://lists.apache.org/thread/d3g248pr03x8rvmh8p2t3xdlw0wn5dz2
http://www.openwall.com/lists/oss-security/2022/07/06/1