Vulnerability Details CVE-2024-22047
A race condition exists in Audited 4.0.0 to 5.3.3 that can result in an authenticated user to cause audit log entries to be attributed to another user.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.01
EPSS Ranking 75.6%
CVSS Severity
CVSS v3 Score 3.1
References
- https://github.com/advisories/GHSA-hjp3-5g2q-7jww
- https://github.com/collectiveidea/audited/issues/601
- https://github.com/collectiveidea/audited/pull/669
- https://github.com/collectiveidea/audited/pull/671
- https://github.com/collectiveidea/audited/security/advisories/GHSA-hjp3-5g2q-7jww
- https://vulncheck.com/advisories/vc-advisory-GHSA-hjp3-5g2q-7jww
- https://github.com/advisories/GHSA-hjp3-5g2q-7jww
- https://github.com/collectiveidea/audited/issues/601
- https://github.com/collectiveidea/audited/pull/669
- https://github.com/collectiveidea/audited/pull/671
- https://github.com/collectiveidea/audited/security/advisories/GHSA-hjp3-5g2q-7jww
- https://vulncheck.com/advisories/vc-advisory-GHSA-hjp3-5g2q-7jww
Products affected by CVE-2024-22047
-
cpe:2.3:a:collectiveidea:audited:4.0.0
-
cpe:2.3:a:collectiveidea:audited:4.10.0
-
cpe:2.3:a:collectiveidea:audited:4.2.0
-
cpe:2.3:a:collectiveidea:audited:4.2.1
-
cpe:2.3:a:collectiveidea:audited:4.2.2
-
cpe:2.3:a:collectiveidea:audited:4.3.0
-
cpe:2.3:a:collectiveidea:audited:4.4.0
-
cpe:2.3:a:collectiveidea:audited:4.4.1
-
cpe:2.3:a:collectiveidea:audited:4.5.0
-
cpe:2.3:a:collectiveidea:audited:4.6.0
-
cpe:2.3:a:collectiveidea:audited:4.7.0
-
cpe:2.3:a:collectiveidea:audited:4.7.1
-
cpe:2.3:a:collectiveidea:audited:4.8.0
-
cpe:2.3:a:collectiveidea:audited:4.9.0
-
cpe:2.3:a:collectiveidea:audited:5.0.0
-
cpe:2.3:a:collectiveidea:audited:5.0.1
-
cpe:2.3:a:collectiveidea:audited:5.0.2
-
cpe:2.3:a:collectiveidea:audited:5.1.0
-
cpe:2.3:a:collectiveidea:audited:5.2.0
-
cpe:2.3:a:collectiveidea:audited:5.3.0
-
cpe:2.3:a:collectiveidea:audited:5.3.1
-
cpe:2.3:a:collectiveidea:audited:5.3.2