cve-2023-49619
Vulnerability from cvelistv5
Published
2024-01-10 08:25
Modified
2024-09-03 18:53
Severity ?
Summary
Apache Answer: Repeated submissions using scripts resulted in an abnormal number of collections for questions.
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T22:01:25.899Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread/nscrl3c7pn68q4j73y3ottql6n5x3hd4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/01/10/1"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-49619",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-03T18:52:54.771460Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-03T18:53:14.294Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache Answer",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "1.2.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "ek1ng"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027) vulnerability in Apache Answer.\u003cbr\u003e\u003cbr\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eThis issue affects Apache Answer: through 1.2.0.\u003cbr\u003e\u003cbr\u003e\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUnder normal circumstances, a user can only bookmark a question once, and will only increase the number of questions bookmarked once. However, repeat submissions through the script can increase the number of collection of the question many times.\u003cbr\u003e\u003cbr\u003e\u003c/span\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eUsers are recommended to upgrade to version [\u003c/span\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e1.2.1\u003c/span\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e], which fixes the issue.\u003c/span\u003e"
            }
          ],
          "value": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027) vulnerability in Apache Answer.\n\nThis issue affects Apache Answer: through 1.2.0.\n\nUnder normal circumstances, a user can only bookmark a question once, and will only increase the number of questions bookmarked once. However, repeat submissions through the script can increase the number of collection of the question many times.\n\nUsers are recommended to upgrade to version [1.2.1], which fixes the issue."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "moderate"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-362",
              "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-10T08:25:01.610Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/nscrl3c7pn68q4j73y3ottql6n5x3hd4"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/01/10/1"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Apache Answer: Repeated submissions using scripts resulted in an abnormal number of collections for questions.",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2023-49619",
    "datePublished": "2024-01-10T08:25:01.610Z",
    "dateReserved": "2023-11-28T06:34:49.463Z",
    "dateUpdated": "2024-09-03T18:53:14.294Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-49619\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2024-01-10T09:15:44.183\",\"lastModified\":\"2024-01-17T13:44:55.787\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027) vulnerability in Apache Answer.\\n\\nThis issue affects Apache Answer: through 1.2.0.\\n\\nUnder normal circumstances, a user can only bookmark a question once, and will only increase the number of questions bookmarked once. However, repeat submissions through the script can increase the number of collection of the question many times.\\n\\nUsers are recommended to upgrade to version [1.2.1], which fixes the issue.\"},{\"lang\":\"es\",\"value\":\"Ejecuci\u00f3n concurrente utilizando recurso compartido con vulnerabilidad de sincronizaci\u00f3n incorrecta (\u0027condici\u00f3n de ejecuci\u00f3n\u0027) en Apache Answer. Este problema afecta a Apache Answer: hasta 1.2.0. En circunstancias normales, un usuario solo puede marcar una pregunta una vez y solo aumentar\u00e1 la cantidad de preguntas marcadas una vez. Sin embargo, los env\u00edos repetidos a trav\u00e9s del gui\u00f3n pueden aumentar muchas veces el n\u00famero de recopilaci\u00f3n de la pregunta. Se recomienda a los usuarios actualizar a la versi\u00f3n [1.2.1], que soluciona el problema.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\",\"baseScore\":3.1,\"baseSeverity\":\"LOW\"},\"exploitabilityScore\":1.6,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-362\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:answer:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.2.1\",\"matchCriteriaId\":\"2BE51620-4C98-4784-A428-2CCD0BBC91A7\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2024/01/10/1\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread/nscrl3c7pn68q4j73y3ottql6n5x3hd4\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.