'[oss-security] CVE-2024-26578: Apache Answer: Repeated submission at registration created duplicate '

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] CVE-2024-26578: Apache Answer: Repeated submission at registration created duplicate 
From:       Enxin Xie <linkinstar () apache ! org>
Date:       2024-02-22 8:44:24
Message-ID: 73fe470c-7887-0bf9-64da-948a7dd32a69 () apache ! org
[Download RAW message or body]

Severity: moderate

Affected versions:

- Apache Answer through 1.2.1

Description:

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') \
vulnerability in Apache Answer.This issue affects Apache Answer: through 1.2.1.

Repeated submission during registration resulted in the registration of the same user. When \
users register, if they rapidly submit multiple registrations using scripts, it can result in \
the creation of multiple user accounts simultaneously with the same name. Users are recommended \
to upgrade to version [1.2.5], which fixes the issue.

Credit:

Mohammad Reza Omrani (reporter)

References:

https://answer.incubator.apache.org
https://www.cve.org/CVERecord?id=CVE-2024-26578

[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic