CVE-2024-26578

{"id": "CVE-2024-26578", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.2}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.2}]}, "published": "2024-02-22T10:15:08.503", "references": [{"url": "http://www.openwall.com/lists/oss-security/2024/02/22/3", "tags": ["Mailing List", "Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread/ko0ksnznt2484lxt0zts2ygr82ldkhcb", "tags": ["Mailing List", "Vendor Advisory"], "source": "security@apache.org"}, {"url": "http://www.openwall.com/lists/oss-security/2024/02/22/3", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread/ko0ksnznt2484lxt0zts2ygr82ldkhcb", "tags": ["Mailing List", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "security@apache.org", "description": [{"lang": "en", "value": "CWE-362"}]}, {"type": "Primary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-362"}]}], "descriptions": [{"lang": "en", "value": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Answer.This issue affects Apache Answer: through 1.2.1.\n\nRepeated submission during registration resulted in the registration of the same user. When users register, if they rapidly submit multiple registrations using scripts, it can result in the creation of multiple user accounts simultaneously with the same name.\nUsers are recommended to upgrade to version [1.2.5], which fixes the issue."}, {"lang": "es", "value": "Ejecuci\u00f3n simult\u00e1nea mediante recurso compartido con vulnerabilidad de sincronizaci\u00f3n incorrecta ('Condici\u00f3n de Ejecuci\u00f3n') en Apache Answer. Este problema afecta a Apache Answer: hasta 1.2.1. El env\u00edo repetido durante el registro result\u00f3 en el registro del mismo usuario. Cuando los usuarios se registran, si env\u00edan r\u00e1pidamente varios registros utilizando scripts, puede resultar en la creaci\u00f3n de varias cuentas de usuario simult\u00e1neamente con el mismo nombre. Se recomienda a los usuarios actualizar a la versi\u00f3n [1.2.5], que soluciona el problema."}], "lastModified": "2025-03-20T20:15:31.513", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:answer:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F977E6DB-B10B-4AC2-BD22-EA5F228989A9", "versionEndIncluding": "1.2.1"}], "operator": "OR"}]}], "sourceIdentifier": "security@apache.org"}