Description
A race condition exists in Audited 4.0.0 to 5.3.3 that can allow an authenticated user to cause audit log entries to be attributed to another user.
References (6)
Core References
Vendor Advisory vendor-advisory
https://github.com/collectiveidea/audited/security/advisories/GHSA-hjp3-5g2q-7jww
Issue Tracking, Patch, Vendor Advisory issue-tracking
https://github.com/collectiveidea/audited/issues/601
Patch related
https://github.com/collectiveidea/audited/pull/669
Patch related
https://github.com/collectiveidea/audited/pull/671
Third Party Advisory third-party-advisory
https://github.com/advisories/GHSA-hjp3-5g2q-7jww
Third Party Advisory third-party-advisory
https://vulncheck.com/advisories/vc-advisory-GHSA-hjp3-5g2q-7jww
Scores
CVSS v3
3.1
EPSS
0.0093
EPSS Percentile
76.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-362
Status
published
Products (2)
collectiveidea/audited
4.0.0 - 5.3.3
rubygems/audited
4.0.0 - 5.3.3
RubyGems
Published
Jan 04, 2024
Tracked Since
Feb 18, 2026