CVE-2024-22047

A race condition exists in Audited 4.0.0 to 5.3.3 that can result in an authenticated user to cause audit log entries to be attributed to another user.
Configurations

Configuration 1 (hide)

cpe:2.3:a:collectiveidea:audited:*:*:*:*:*:*:*:*

History

10 Jan 2024, 20:02

Type Values Removed Values Added
References () https://github.com/collectiveidea/audited/issues/601 - () https://github.com/collectiveidea/audited/issues/601 - Issue Tracking, Patch, Vendor Advisory
References () https://github.com/collectiveidea/audited/security/advisories/GHSA-hjp3-5g2q-7jww - () https://github.com/collectiveidea/audited/security/advisories/GHSA-hjp3-5g2q-7jww - Vendor Advisory
References () https://github.com/collectiveidea/audited/pull/671 - () https://github.com/collectiveidea/audited/pull/671 - Patch
References () https://github.com/collectiveidea/audited/pull/669 - () https://github.com/collectiveidea/audited/pull/669 - Patch
References () https://github.com/advisories/GHSA-hjp3-5g2q-7jww - () https://github.com/advisories/GHSA-hjp3-5g2q-7jww - Third Party Advisory
References () https://vulncheck.com/advisories/vc-advisory-GHSA-hjp3-5g2q-7jww - () https://vulncheck.com/advisories/vc-advisory-GHSA-hjp3-5g2q-7jww - Third Party Advisory
CWE CWE-362
First Time Collectiveidea
Collectiveidea audited
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 3.1
CPE cpe:2.3:a:collectiveidea:audited:*:*:*:*:*:*:*:*

04 Jan 2024, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-01-04 21:15

Updated : 2024-02-28 20:54


NVD link : CVE-2024-22047

Mitre link : CVE-2024-22047

CVE.ORG link : CVE-2024-22047


JSON object : View

Products Affected

collectiveidea

  • audited
CWE
CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')