A race condition exists in Audited 4.0.0 to 5.3.3 that can result in an authenticated user to cause audit log entries to be attributed to another user.
https://vulncheck.com/advisories/vc-advisory-GHSA-hjp3-5g2q-7jww
https://github.com/collectiveidea/audited/security/advisories/GHSA-hjp3-5g2q-7jww
https://github.com/advisories/GHSA-hjp3-5g2q-7jww
https://github.com/collectiveidea/audited/pull/671
https://github.com/collectiveidea/audited/pull/669
https://github.com/collectiveidea/audited/issues/601
Source: Mitre, NVD
Published: 2024-01-04
Updated: 2024-01-10
Base Score: 2.1
Vector: CVSS2#AV:N/AC:H/Au:S/C:N/I:P/A:N
Severity: Low
Base Score: 3.1
Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
EPSS: 0.00625