#VU85788 Race condition in Answer - CVE-2023-49619

Cybersecurity Help s.r.o.

Published: 2024-01-25

Vulnerability identifier: #VU85788

Vulnerability risk: Low

CVSSv4.0: 0.6 [CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-49619

CWE-ID: CWE-362

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Answer
Web applications / Other software

Vendor: Apache Foundation

Description

The vulnerability allows a remote user to create a huge number of collections.

The vulnerability exists due to a race condition when bookmarking questions. A remote user can create an abnormal number of collections for questions by bookmarking the same question multiple times.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Answer: 0.2.0 - 1.2.0

External links
https://lists.apache.org/thread/nscrl3c7pn68q4j73y3ottql6n5x3hd4
https://www.openwall.com/lists/oss-security/2024/01/10/1

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Race condition in Apache Answer