CVE-2023-4127 - Vulnerability Details - OpenCVE

ReportizFlow

Race Condition within a Thread in GitHub repository answerdev/answer prior to v1.1.1.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact partial

Vendors	Products
Answer	Answer

Configuration 1 [-]

cpe:2.3:a:answer:answer:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/answerdev/answer/commit/47661dc8a356ce6aa7793f1bd950399292180182
https://huntr.dev/bounties/cf7d19e3-1318-4c77-8366-d8d04a0b41ba

History

Fri, 11 Oct 2024 21:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: @huntrdev

Published: 2023-08-03T03:20:57.777Z

Updated: 2024-10-10T20:15:44.062Z

Reserved: 2023-08-03T03:20:46.192Z

Link: CVE-2023-4127

Vulnrichment

Updated: 2024-08-02T07:17:11.865Z

NVD

Status : Modified

Published: 2023-08-03T04:15:11.753

Modified: 2024-11-21T08:34:27.100

Link: CVE-2023-4127

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-4127", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "state": "PUBLISHED", "assignerShortName": "@huntrdev", "dateReserved": "2023-08-03T03:20:46.192Z", "datePublished": "2023-08-03T03:20:57.777Z", "dateUpdated": "2024-10-10T20:15:44.062Z"}, "containers": {"cna": {"title": "Race Condition within a Thread in answerdev/answer", "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev", "dateUpdated": "2023-08-03T03:20:57.777Z"}, "descriptions": [{"lang": "en", "value": "Race Condition within a Thread in GitHub repository answerdev/answer prior to v1.1.1."}], "affected": [{"vendor": "answerdev", "product": "answerdev/answer", "versions": [{"version": "unspecified", "lessThan": "v1.1.1", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://huntr.dev/bounties/cf7d19e3-1318-4c77-8366-d8d04a0b41ba"}, {"url": "https://github.com/answerdev/answer/commit/47661dc8a356ce6aa7793f1bd950399292180182"}], "metrics": [{"cvssV3_0": {"version": "3.0", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-366 Race Condition within a Thread", "cweId": "CWE-366"}]}], "source": {"advisory": "cf7d19e3-1318-4c77-8366-d8d04a0b41ba", "discovery": "EXTERNAL"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:17:11.865Z"}, "title": "CVE Program Container", "references": [{"url": "https://huntr.dev/bounties/cf7d19e3-1318-4c77-8366-d8d04a0b41ba", "tags": ["x_transferred"]}, {"url": "https://github.com/answerdev/answer/commit/47661dc8a356ce6aa7793f1bd950399292180182", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "answer", "product": "answer", "cpes": ["cpe:2.3:a:answer:answer:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "1.1.1", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-10T20:08:48.637544Z", "id": "CVE-2023-4127", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-10T20:15:44.062Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-4127", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "state": "PUBLISHED", "assignerShortName": "@huntrdev", "dateReserved": "2023-08-03T03:20:46.192Z", "datePublished": "2023-08-03T03:20:57.777Z", "dateUpdated": "2024-10-10T20:15:44.062Z"}, "containers": {"cna": {"title": "Race Condition within a Thread in answerdev/answer", "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev", "dateUpdated": "2023-08-03T03:20:57.777Z"}, "descriptions": [{"lang": "en", "value": "Race Condition within a Thread in GitHub repository answerdev/answer prior to v1.1.1."}], "affected": [{"vendor": "answerdev", "product": "answerdev/answer", "versions": [{"version": "unspecified", "lessThan": "v1.1.1", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://huntr.dev/bounties/cf7d19e3-1318-4c77-8366-d8d04a0b41ba"}, {"url": "https://github.com/answerdev/answer/commit/47661dc8a356ce6aa7793f1bd950399292180182"}], "metrics": [{"cvssV3_0": {"version": "3.0", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-366 Race Condition within a Thread", "cweId": "CWE-366"}]}], "source": {"advisory": "cf7d19e3-1318-4c77-8366-d8d04a0b41ba", "discovery": "EXTERNAL"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:17:11.865Z"}, "title": "CVE Program Container", "references": [{"url": "https://huntr.dev/bounties/cf7d19e3-1318-4c77-8366-d8d04a0b41ba", "tags": ["x_transferred"]}, {"url": "https://github.com/answerdev/answer/commit/47661dc8a356ce6aa7793f1bd950399292180182", "tags": ["x_transferred"]}]}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-4127", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-10T20:08:48.637544Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:answer:answer:*:*:*:*:*:*:*:*"], "vendor": "answer", "product": "answer", "versions": [{"status": "affected", "version": "0", "lessThan": "1.1.1", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-10T20:13:24.514Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:answer:answer:*:*:*:*:*:*:*:*", "matchCriteriaId": "0025E76C-4BCF-464D-BF24-51B8D2FFE76F", "versionEndExcluding": "1.1.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Race Condition within a Thread in GitHub repository answerdev/answer prior to v1.1.1."}], "id": "CVE-2023-4127", "lastModified": "2024-11-21T08:34:27.100", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "[email protected]", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "[email protected]", "type": "Primary"}]}, "published": "2023-08-03T04:15:11.753", "references": [{"source": "[email protected]", "tags": ["Patch"], "url": "https://github.com/answerdev/answer/commit/47661dc8a356ce6aa7793f1bd950399292180182"}, {"source": "[email protected]", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://huntr.dev/bounties/cf7d19e3-1318-4c77-8366-d8d04a0b41ba"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/answerdev/answer/commit/47661dc8a356ce6aa7793f1bd950399292180182"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://huntr.dev/bounties/cf7d19e3-1318-4c77-8366-d8d04a0b41ba"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-366"}], "source": "[email protected]", "type": "Secondary"}]}