Veracode Vulnerability DatabaseVERACODE:44973Race Condition
3.1 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
6.7 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
35.1%
Audited is vulnerable to Race Condition. The vulnerability is caused due lack of proper synchronization mechanisms during the use of Thread.current. This potentially leads to logging of wrong username in an audit log.
References
github.com/advisories/GHSA-hjp3-5g2q-7jww
github.com/collectiveidea/audited/commit/342734c9396d8f96d3165f1d8531c626139fa4c6
github.com/collectiveidea/audited/issues/601
github.com/collectiveidea/audited/pull/669
github.com/collectiveidea/audited/pull/671
github.com/collectiveidea/audited/security/advisories/GHSA-hjp3-5g2q-7jww
vulncheck.com/advisories/vc-advisory-GHSA-hjp3-5g2q-7jww
Related
3.1 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
6.7 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
35.1%