VDB-248847 · CVE-2016-15036 · ID 94

Deis Workflow Manager ଯେପର୍ଯ୍ୟନ୍ତ 2.3.2 ଦୌଡ଼ ଅବସ୍ଥା

Rakkoon nageenyaa kan ସମସ୍ୟାଜନକ jedhamuun beekamu Deis Workflow Manager ଯେପର୍ଯ୍ୟନ୍ତ 2.3.2 keessatti argameera. Kan miidhamte is hojii hin beekamne. Hojii jijjiirraa gara ଦୌଡ଼ ଅବସ୍ଥା geessa. CWE fayyadamuun rakkoo ibsuun gara CWE-362 geessa. Dadhabbii kana yeroo 08/10/2016 maxxanfameera akka 94. Odeeffannoon kun buufachuuf github.com irratti qoodameera. Dogoggorri kun akka CVE-2016-15036tti beekama. Konkolaataa naannoo keessa seenuu barbaachisa ta'ee, weerarri kun milkaa'uuf. Faayidaaleen teeknikaa hin jiru. Meeshaa balaa kana fayyadamuuf hin jiru. Amma, gatii ammee exploit might be approx. USD $0-$5k ta'uu danda'a. Akka ଅପରିଭାଷିତ jedhamee ibsameera. Akka 0-daytti, gatii daldalaa dhoksaa tilmaamame $0-$5k ta'ee ture. Beekamtii paachii kanaa 31fe3bccbdde134a185752e53380330d16053f7f dha. Sirreeffamni rakkoo github.com irratti buufachuuf jira. Qabiyyee miidhamte fooyyessuuf gorsa ni kennama. To'annoon danda'amu 1 ଦିନ booda ifooma hanqina nageenyaa irratti maxxanfamee jira. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

4 ଆଡାପ୍ଟେସନ୍ · 97 ପଏଣ୍ଟ

ଫିଲ୍ଡ	ସୃଷ୍ଟି ହୋଇଛି 12/22/2023 07:46 AM	ଅଦ୍ୟତନ 1/3 01/18/2024 08:40 AM	ଅଦ୍ୟତନ 2/3 01/18/2024 08:44 AM	ଅଦ୍ୟତନ 3/3 08/06/2024 11:40 AM
software_vendor	Deis	Deis	Deis	Deis
software_name	Workflow Manager	Workflow Manager	Workflow Manager	Workflow Manager
software_version	<=2.3.2	<=2.3.2	<=2.3.2	<=2.3.2
vulnerability_cwe	CWE-362 (ଦୌଡ଼ ଅବସ୍ଥା)	CWE-362 (ଦୌଡ଼ ଅବସ୍ଥା)	CWE-362 (ଦୌଡ଼ ଅବସ୍ଥା)	CWE-362 (ଦୌଡ଼ ଅବସ୍ଥା)
vulnerability_risk	1	1	1	1
cvss3_vuldb_ac	H	H	H	H
cvss3_vuldb_s	U	U	U	U
cvss3_vuldb_rl	O	O	O	O
cvss3_vuldb_rc	C	C	C	C
advisory_date	1470780000 (08/10/2016)	1470780000 (08/10/2016)	1470780000 (08/10/2016)	1470780000 (08/10/2016)
advisory_identifier	94	94	94	94
advisory_url	https://github.com/deis/workflow-manager/pull/94	https://github.com/deis/workflow-manager/pull/94	https://github.com/deis/workflow-manager/pull/94	https://github.com/deis/workflow-manager/pull/94
countermeasure_name	ଅପଗ୍ରେଡ୍ କରନ୍ତୁ	ଅପଗ୍ରେଡ୍ କରନ୍ତୁ	ଅପଗ୍ରେଡ୍ କରନ୍ତୁ	ଅପଗ୍ରେଡ୍ କରନ୍ତୁ
countermeasure_date	1470866400 (08/11/2016)	1470866400 (08/11/2016)	1470866400 (08/11/2016)	1470866400 (08/11/2016)
upgrade_version	2.3.3	2.3.3	2.3.3	2.3.3
countermeasure_upgrade_url	https://github.com/deis/workflow-manager/releases/tag/v2.3.3	https://github.com/deis/workflow-manager/releases/tag/v2.3.3	https://github.com/deis/workflow-manager/releases/tag/v2.3.3	https://github.com/deis/workflow-manager/releases/tag/v2.3.3
patch_name	31fe3bccbdde134a185752e53380330d16053f7f	31fe3bccbdde134a185752e53380330d16053f7f	31fe3bccbdde134a185752e53380330d16053f7f	31fe3bccbdde134a185752e53380330d16053f7f
countermeasure_patch_url	https://github.com/deis/workflow-manager/commit/31fe3bccbdde134a185752e53380330d16053f7f	https://github.com/deis/workflow-manager/commit/31fe3bccbdde134a185752e53380330d16053f7f	https://github.com/deis/workflow-manager/commit/31fe3bccbdde134a185752e53380330d16053f7f	https://github.com/deis/workflow-manager/commit/31fe3bccbdde134a185752e53380330d16053f7f
countermeasure_advisoryquote	cluster_id is vulnerable to race condition when called concurrently (#94) * fix(cluster_id): Get() is "insert if not exist", needs read-write lock protection * fix(jobs): remove static clusterID getter in sendVersionsImpl 1) add generic data.ClusterID type in sendVersions type struct 2) enable common clusterID reference to be included in multiple, concurrent jobs, so that appropriate locking can be enforced	cluster_id is vulnerable to race condition when called concurrently (#94) * fix(cluster_id): Get() is "insert if not exist", needs read-write lock protection * fix(jobs): remove static clusterID getter in sendVersionsImpl 1) add generic data.ClusterID type in sendVersions type struct 2) enable common clusterID reference to be included in multiple, concurrent jobs, so that appropriate locking can be enforced	cluster_id is vulnerable to race condition when called concurrently (#94) * fix(cluster_id): Get() is "insert if not exist", needs read-write lock protection * fix(jobs): remove static clusterID getter in sendVersionsImpl 1) add generic data.ClusterID type in sendVersions type struct 2) enable common clusterID reference to be included in multiple, concurrent jobs, so that appropriate locking can be enforced	cluster_id is vulnerable to race condition when called concurrently (#94) * fix(cluster_id): Get() is "insert if not exist", needs read-write lock protection * fix(jobs): remove static clusterID getter in sendVersionsImpl 1) add generic data.ClusterID type in sendVersions type struct 2) enable common clusterID reference to be included in multiple, concurrent jobs, so that appropriate locking can be enforced
source_cve	CVE-2016-15036	CVE-2016-15036	CVE-2016-15036	CVE-2016-15036
cna_responsible	VulDB	VulDB	VulDB	VulDB
cna_eol	1	1	1	1
cvss2_vuldb_ac	H	H	H	H
cvss2_vuldb_rc	C	C	C	C
cvss2_vuldb_rl	OF	OF	OF	OF
cvss2_vuldb_av	A	A	A	A
cvss2_vuldb_au	S	S	S	S
cvss2_vuldb_ci	P	P	P	P
cvss2_vuldb_ii	P	P	P	P
cvss2_vuldb_ai	P	P	P	P
cvss2_vuldb_e	ND	ND	ND	ND
cvss3_vuldb_av	A	A	A	A
cvss3_vuldb_pr	L	L	L	L
cvss3_vuldb_ui	N	N	N	N
cvss3_vuldb_c	L	L	L	L
cvss3_vuldb_i	L	L	L	L
cvss3_vuldb_a	L	L	L	L
cvss3_vuldb_e	X	X	X	X
cvss2_vuldb_basescore	4.0	4.0	4.0	4.0
cvss2_vuldb_tempscore	3.5	3.5	3.5	3.5
cvss3_vuldb_basescore	4.6	4.6	4.6	4.6
cvss3_vuldb_tempscore	4.4	4.4	4.4	4.4
cvss3_meta_basescore	4.6	4.6	5.6	5.6
cvss3_meta_tempscore	4.4	4.4	5.5	5.5
price_0day	$0-$5k	$0-$5k	$0-$5k	$0-$5k
cve_assigned		1703199600 (12/22/2023)	1703199600 (12/22/2023)	1703199600 (12/22/2023)
cve_nvd_summary		UNSUPPORTED WHEN ASSIGNED A vulnerability was found in Deis Workflow Manager up to 2.3.2. It has been classified as problematic. This affects an unknown part. The manipulation leads to race condition. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version 2.3.3 is able to address this issue. The patch is named 31fe3bccbdde134a185752e53380330d16053f7f. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-248847. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.	UNSUPPORTED WHEN ASSIGNED A vulnerability was found in Deis Workflow Manager up to 2.3.2. It has been classified as problematic. This affects an unknown part. The manipulation leads to race condition. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version 2.3.3 is able to address this issue. The patch is named 31fe3bccbdde134a185752e53380330d16053f7f. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-248847. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.	UNSUPPORTED WHEN ASSIGNED A vulnerability was found in Deis Workflow Manager up to 2.3.2. It has been classified as problematic. This affects an unknown part. The manipulation leads to race condition. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version 2.3.3 is able to address this issue. The patch is named 31fe3bccbdde134a185752e53380330d16053f7f. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-248847. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
cvss3_nvd_av			A	A
cvss3_nvd_ac			H	H
cvss3_nvd_pr			N	N
cvss3_nvd_ui			N	N
cvss3_nvd_s			U	U
cvss3_nvd_c			H	H
cvss3_nvd_i			H	H
cvss3_nvd_a			H	H
cvss2_nvd_av			A	A
cvss2_nvd_ac			H	H
cvss2_nvd_au			S	S
cvss2_nvd_ci			P	P
cvss2_nvd_ii			P	P
cvss2_nvd_ai			P	P
cvss3_cna_av			A	A
cvss3_cna_ac			H	H
cvss3_cna_pr			L	L
cvss3_cna_ui			N	N
cvss3_cna_s			U	U
cvss3_cna_c			L	L
cvss3_cna_i			L	L
cvss3_cna_a			L	L
cve_cna			VulDB	VulDB
cvss2_nvd_basescore			4.0	4.0
cvss3_nvd_basescore			7.5	7.5
cvss3_cna_basescore			4.6	4.6
cve_nvd_summaryes				NO SOPORTADO CUANDO SE ASIGNÓ Se encontró una vulnerabilidad en Deis Workflow Manager hasta 2.3.2. Ha sido clasificada como problemática. Esto afecta a una parte desconocida. La manipulación conduce a la condición de ejecución. La complejidad del ataque es bastante alta. Se dice que la explotabilidad es difícil. La actualización a la versión 2.3.3 puede solucionar este problema. El parche se llama 31fe3bccbdde134a185752e53380330d16053f7f. Se recomienda actualizar el componente afectado. El identificador asociado de esta vulnerabilidad es VDB-248847. NOTA: Esta vulnerabilidad solo afecta a productos que ya no son compatibles con el fabricante.
cvss2_cna_av				A
cvss2_cna_ac				H
cvss2_cna_au				S
cvss2_cna_ci				P
cvss2_cna_ii				P
cvss2_cna_ai				P
cvss2_cna_basescore				4
cvss4_vuldb_av				A
cvss4_vuldb_ac				H
cvss4_vuldb_pr				L
cvss4_vuldb_ui				N
cvss4_vuldb_vc				L
cvss4_vuldb_vi				L
cvss4_vuldb_va				L
cvss4_vuldb_e				X
cvss4_vuldb_at				N
cvss4_vuldb_sc				N
cvss4_vuldb_si				N
cvss4_vuldb_sa				N
cvss4_vuldb_bscore				2.1
cvss4_vuldb_btscore				2.1

◂ ପଛକୁ ସମୀକ୍ଷା ଆହୁରି ଦୂରରେ ▸

Might our Artificial Intelligence support you?

Check our Alexa App!