We found results for “”
WS-2023-0115
Good to know:
Date: April 28, 2023
A Race Condition was found in audited leading to logging errors. In certain setups with threaded web servers, Audited's use of Thread.current can incorrectly attributed audits to the wrong user. Version 5.3.3 contains a fix.
Language: Ruby
Severity Score
Severity Score
Weakness Type (CWE)
Race Conditions
CWE-362Top Fix
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | HIGH |
Privileges Required (PR): | LOW |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | NONE |
Integrity (I): | LOW |
Availability (A): | NONE |