CVE-2024-22047

low

Description

A race condition exists in Audited 4.0.0 to 5.3.3 that can result in an authenticated user to cause audit log entries to be attributed to another user.

References

https://vulncheck.com/advisories/vc-advisory-GHSA-hjp3-5g2q-7jww

https://github.com/collectiveidea/audited/security/advisories/GHSA-hjp3-5g2q-7jww

https://github.com/collectiveidea/audited/pull/671

https://github.com/collectiveidea/audited/pull/669

https://github.com/collectiveidea/audited/issues/601

https://github.com/advisories/GHSA-hjp3-5g2q-7jww

Details

Source: Mitre, NVD

Published: 2024-01-04

Updated: 2024-01-10

Risk Information

CVSS v2

Base Score: 2.1

Vector: CVSS2#AV:N/AC:H/Au:S/C:N/I:P/A:N

Severity: Low

CVSS v3

Base Score: 3.1

Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N