OpenCVE

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Answer. This issue affects Apache Answer: through 1.2.0. Under normal circumstances, a user can only bookmark a question once, and will only increase the number of questions bookmarked once. However, repeat submissions through the script can increase the number of collection of the question many times. Users are recommended to upgrade to version [1.2.1], which fixes the issue.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apache	Answer

Configuration 1 [-]

cpe:2.3:a:apache:answer:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.openwall.com/lists/oss-security/2024/01/10/1
https://lists.apache.org/thread/nscrl3c7pn68q4j73y3ottql6n5x3hd4

History

No history.

MITRE

Status: PUBLISHED

Assigner: apache

Published: 2024-01-10T08:25:01.610Z

Updated: 2024-09-03T18:53:14.294Z

Reserved: 2023-11-28T06:34:49.463Z

Link: CVE-2023-49619

Vulnrichment

Updated: 2024-08-02T22:01:25.899Z

NVD

Status : Modified

Published: 2024-01-10T09:15:44.183

Modified: 2024-11-21T08:33:38.477

Link: CVE-2023-49619

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-49619", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "state": "PUBLISHED", "assignerShortName": "apache", "dateReserved": "2023-11-28T06:34:49.463Z", "datePublished": "2024-01-10T08:25:01.610Z", "dateUpdated": "2024-09-03T18:53:14.294Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Apache Answer", "vendor": "Apache Software Foundation", "versions": [{"lessThanOrEqual": "1.2.0", "status": "affected", "version": "0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "reporter", "value": "ek1ng"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Answer.<br><br><span style=\"background-color: var(--wht);\">This issue affects Apache Answer: through 1.2.0.<br><br></span><span style=\"background-color: rgb(255, 255, 255);\">Under normal circumstances, a user can only bookmark a question once, and will only increase the number of questions bookmarked once. However, repeat submissions through the script can increase the number of collection of the question many times.<br><br></span><span style=\"background-color: var(--wht);\">Users are recommended to upgrade to version [</span><span style=\"background-color: var(--wht);\">1.2.1</span><span style=\"background-color: var(--wht);\">], which fixes the issue.</span>"}], "value": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Answer.\n\nThis issue affects Apache Answer: through 1.2.0.\n\nUnder normal circumstances, a user can only bookmark a question once, and will only increase the number of questions bookmarked once. However, repeat submissions through the script can increase the number of collection of the question many times.\n\nUsers are recommended to upgrade to version [1.2.1], which fixes the issue."}], "metrics": [{"other": {"content": {"text": "moderate"}, "type": "Textual description of severity"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-362", "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2024-01-10T08:25:01.610Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://lists.apache.org/thread/nscrl3c7pn68q4j73y3ottql6n5x3hd4"}, {"url": "http://www.openwall.com/lists/oss-security/2024/01/10/1"}], "source": {"discovery": "EXTERNAL"}, "title": "Apache Answer: Repeated submissions using scripts resulted in an abnormal number of collections for questions.", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T22:01:25.899Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.apache.org/thread/nscrl3c7pn68q4j73y3ottql6n5x3hd4"}, {"url": "http://www.openwall.com/lists/oss-security/2024/01/10/1", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-03T18:52:54.771460Z", "id": "CVE-2023-49619", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-03T18:53:14.294Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://lists.apache.org/thread/nscrl3c7pn68q4j73y3ottql6n5x3hd4", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/01/10/1", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T22:01:25.899Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-49619", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-03T18:52:54.771460Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-03T18:53:01.627Z"}}], "cna": {"title": "Apache Answer: Repeated submissions using scripts resulted in an abnormal number of collections for questions.", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "reporter", "value": "ek1ng"}], "metrics": [{"other": {"type": "Textual description of severity", "content": {"text": "moderate"}}}], "affected": [{"vendor": "Apache Software Foundation", "product": "Apache Answer", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.2.0"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://lists.apache.org/thread/nscrl3c7pn68q4j73y3ottql6n5x3hd4", "tags": ["vendor-advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2024/01/10/1"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Answer.\n\nThis issue affects Apache Answer: through 1.2.0.\n\nUnder normal circumstances, a user can only bookmark a question once, and will only increase the number of questions bookmarked once. However, repeat submissions through the script can increase the number of collection of the question many times.\n\nUsers are recommended to upgrade to version [1.2.1], which fixes the issue.", "supportingMedia": [{"type": "text/html", "value": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Answer.<br><br><span style=\"background-color: var(--wht);\">This issue affects Apache Answer: through 1.2.0.<br><br></span><span style=\"background-color: rgb(255, 255, 255);\">Under normal circumstances, a user can only bookmark a question once, and will only increase the number of questions bookmarked once. However, repeat submissions through the script can increase the number of collection of the question many times.<br><br></span><span style=\"background-color: var(--wht);\">Users are recommended to upgrade to version [</span><span style=\"background-color: var(--wht);\">1.2.1</span><span style=\"background-color: var(--wht);\">], which fixes the issue.</span>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-362", "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2024-01-10T08:25:01.610Z"}}}, "cveMetadata": {"cveId": "CVE-2023-49619", "state": "PUBLISHED", "dateUpdated": "2024-09-03T18:53:14.294Z", "dateReserved": "2023-11-28T06:34:49.463Z", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "datePublished": "2024-01-10T08:25:01.610Z", "assignerShortName": "apache"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:answer:*:*:*:*:*:*:*:*", "matchCriteriaId": "2BE51620-4C98-4784-A428-2CCD0BBC91A7", "versionEndExcluding": "1.2.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Answer.\n\nThis issue affects Apache Answer: through 1.2.0.\n\nUnder normal circumstances, a user can only bookmark a question once, and will only increase the number of questions bookmarked once. However, repeat submissions through the script can increase the number of collection of the question many times.\n\nUsers are recommended to upgrade to version [1.2.1], which fixes the issue."}, {"lang": "es", "value": "Ejecuci\u00f3n concurrente utilizando recurso compartido con vulnerabilidad de sincronizaci\u00f3n incorrecta ('condici\u00f3n de ejecuci\u00f3n') en Apache Answer. Este problema afecta a Apache Answer: hasta 1.2.0. En circunstancias normales, un usuario solo puede marcar una pregunta una vez y solo aumentar\u00e1 la cantidad de preguntas marcadas una vez. Sin embargo, los env\u00edos repetidos a trav\u00e9s del gui\u00f3n pueden aumentar muchas veces el n\u00famero de recopilaci\u00f3n de la pregunta. Se recomienda a los usuarios actualizar a la versi\u00f3n [1.2.1], que soluciona el problema."}], "id": "CVE-2023-49619", "lastModified": "2024-11-21T08:33:38.477", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-01-10T09:15:44.183", "references": [{"source": "security@apache.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2024/01/10/1"}, {"source": "security@apache.org", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://lists.apache.org/thread/nscrl3c7pn68q4j73y3ottql6n5x3hd4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2024/01/10/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://lists.apache.org/thread/nscrl3c7pn68q4j73y3ottql6n5x3hd4"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "security@apache.org", "type": "Secondary"}]}