// For flags

CVE-2024-26578

Apache Answer: Repeated submission at registration created duplicate users with the same name

Severity Score

"-"
*CVSS v-

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track
*SSVC
Descriptions

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Answer.This issue affects Apache Answer: through 1.2.1.

Repeated submission during registration resulted in the registration of the same user. When users register, if they rapidly submit multiple registrations using scripts, it can result in the creation of multiple user accounts simultaneously with the same name.
Users are recommended to upgrade to version [1.2.5], which fixes the issue.

Ejecución simultánea mediante recurso compartido con vulnerabilidad de sincronización incorrecta ('Condición de Ejecución') en Apache Answer. Este problema afecta a Apache Answer: hasta 1.2.1. El envío repetido durante el registro resultó en el registro del mismo usuario. Cuando los usuarios se registran, si envían rápidamente varios registros utilizando scripts, puede resultar en la creación de varias cuentas de usuario simultáneamente con el mismo nombre. Se recomienda a los usuarios actualizar a la versión [1.2.5], que soluciona el problema.

*Credits: Mohammad Reza Omrani
CVSS Scores
Attack Vector
-
Attack Complexity
-
Privileges Required
-
User Interaction
-
Scope
-
Confidentiality
-
Integrity
-
Availability
-
* Common Vulnerability Scoring System
SSVC
  • Decision:Track
Exploitation
None
Automatable
No
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2024-02-19 CVE Reserved
  • 2024-02-22 CVE Published
  • 2024-02-23 EPSS Updated
  • 2024-08-02 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Apache Software Foundation
Search vendor "Apache Software Foundation"
Apache Answer
Search vendor "Apache Software Foundation" for product "Apache Answer"
<= 1.2.1
Search vendor "Apache Software Foundation" for product "Apache Answer" and version " <= 1.2.1"
en
Affected