Low severity 3.1 · OSV Advisory · Published Jan 4, 2024 · Updated Jun 17, 2026
CVE-2024-22047
Description
A race condition exists in Audited 4.0.0 to 5.3.3 that allows an authenticated user to cause audit log entries to be attributed to another user.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| audited (RubyGems) | >= 4.0.0, < 5.3.3 | 5.3.3 |
Affected products
- Range: v4.0.0, v4.10.0, v4.2.0, …
References
- github.com/collectiveidea/audited/issues/601 (nvd; Issue Tracking, Patch, Vendor Advisory; WEB)
- github.com/collectiveidea/audited/pull/669 (nvd; Patch; WEB)
- github.com/collectiveidea/audited/pull/671 (nvd; Patch; WEB)
- github.com/advisories/GHSA-hjp3-5g2q-7jww (nvd; Third Party Advisory; ADVISORY)
- github.com/collectiveidea/audited/security/advisories/GHSA-hjp3-5g2q-7jww (nvd; Vendor Advisory; WEB)
- nvd.nist.gov/vuln/detail/CVE-2024-22047 (ghsa; ADVISORY)
- vulncheck.com/advisories/vc-advisory-GHSA-hjp3-5g2q-7jww (nvd; Third Party Advisory)
- github.com/collectiveidea/audited/commit/342734c9396d8f96d3165f1d8531c626139fa4c6 (ghsa; WEB)
- github.com/rubysec/ruby-advisory-db/blob/master/gems/audited/CVE-2024-22047.yml (ghsa; WEB)