3.1
CVE-2024-22047
- EPSS 0.49%
- Veröffentlicht 04.01.2024 21:15:09
- Zuletzt bearbeitet 28.11.2025 23:15:48
- Quelle disclosure@vulncheck.com
- CVE-Watchlists
- Unerledigt
LoginAudited Log Integrity Errors Due to Race Condition
A race condition exists in Audited 4.0.0 to 5.3.3 that can result in an authenticated user to cause audit log entries to be attributed to another user.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Collectiveidea ≫ Audited Version >= 4.0.0 < 5.3.3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.49% | 0.384 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 3.1 | 1.6 | 1.4 |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
|
| disclosure@vulncheck.com | 3.1 | 1.6 | 1.4 |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
|
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.
https://github.com/advisories/GHSA-hjp3-5g2q-7jww
https://github.com/collectiveidea/audited/issues/601
https://github.com/collectiveidea/audited/pull/669
https://github.com/collectiveidea/audited/pull/671
https://github.com/collectiveidea/audited/security/advisories/GHSA-hjp3-5g2q-7jww
https://vulncheck.com/advisories/vc-advisory-GHSA-hjp3-5g2q-7jww