Description
In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.
Remediation
References
Related Vulnerabilities
ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-2043)
WordPress Plugin Customify-Intuitive Website Styling Cross-Site Request Forgery (2.10.4)
MyBB Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-9414)
Django Cleartext Transmission of Sensitive Information Vulnerability (CVE-2019-12781)
WordPress Plugin Storefront Footer Text Cross-Site Scripting (1.0.1)