CVE-2024-26578
Apache Answer: Repeated submission at registration created duplicate users with the same name
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Answer.This issue affects Apache Answer: through 1.2.1.
Repeated submission during registration resulted in the registration of the same user. When users register, if they rapidly submit multiple registrations using scripts, it can result in the creation of multiple user accounts simultaneously with the same name.
Users are recommended to upgrade to version [1.2.5], which fixes the issue.
Ejecución simultánea mediante recurso compartido con vulnerabilidad de sincronización incorrecta ('Condición de Ejecución') en Apache Answer. Este problema afecta a Apache Answer: hasta 1.2.1. El envío repetido durante el registro resultó en el registro del mismo usuario. Cuando los usuarios se registran, si envían rápidamente varios registros utilizando scripts, puede resultar en la creación de varias cuentas de usuario simultáneamente con el mismo nombre. Se recomienda a los usuarios actualizar a la versión [1.2.5], que soluciona el problema.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-02-19 CVE Reserved
- 2024-02-22 CVE Published
- 2024-02-23 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CAPEC
References (2)
URL | Tag | Source |
---|---|---|
http://www.openwall.com/lists/oss-security/2024/02/22/3 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://lists.apache.org/thread/ko0ksnznt2484lxt0zts2ygr82ldkhcb | 2024-02-22 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Apache Software Foundation Search vendor "Apache Software Foundation" | Apache Answer Search vendor "Apache Software Foundation" for product "Apache Answer" | <= 1.2.1 Search vendor "Apache Software Foundation" for product "Apache Answer" and version " <= 1.2.1" | en |
Affected
|