A race condition exists in Audited 4.0.0 to 5.3.3 that can allow an authenticated user to cause audit log entries to be attributed to another user.
References
Link | Resource |
---|---|
https://github.com/advisories/GHSA-hjp3-5g2q-7jww | Third Party Advisory |
https://github.com/collectiveidea/audited/issues/601 | Issue Tracking, Patch, Vendor Advisory |
https://github.com/collectiveidea/audited/pull/669 | Patch |
https://github.com/collectiveidea/audited/pull/671 | Patch |
https://github.com/collectiveidea/audited/security/advisories/GHSA-hjp3-5g2q-7jww | Vendor Advisory |
https://vulncheck.com/advisories/vc-advisory-GHSA-hjp3-5g2q-7jww | Third Party Advisory |
History
10 Jan 2024, 20:02
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/collectiveidea/audited/issues/601 - Issue Tracking, Patch, Vendor Advisory | |
References | () https://github.com/collectiveidea/audited/security/advisories/GHSA-hjp3-5g2q-7jww - Vendor Advisory | |
References | () https://github.com/collectiveidea/audited/pull/671 - Patch | |
References | () https://github.com/collectiveidea/audited/pull/669 - Patch | |
References | () https://github.com/advisories/GHSA-hjp3-5g2q-7jww - Third Party Advisory | |
References | () https://vulncheck.com/advisories/vc-advisory-GHSA-hjp3-5g2q-7jww - Third Party Advisory | |
CWE | CWE-362 | |
First Time | Collectiveidea, Collectiveidea audited | |
CVSS | v2 : v3 : | v2 : unknown, v3 : 3.1 |
CPE | cpe:2.3:a:collectiveidea:audited:*:*:*:*:*:*:*:* |
04 Jan 2024, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-04 21:15
Updated : 2024-02-28 20:54
NVD link : CVE-2024-22047
Mitre link : CVE-2024-22047
CVE.ORG link : CVE-2024-22047
Products Affected
collectiveidea
- audited
CWE
CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')