VDB-248847 · CVE-2016-15036 · ID 94

Deis Workflow Manager जोपर्यंत 2.3.2 जातीची स्थिती

एक असुरक्षितता जी समस्याग्रस्त म्हणून वर्गीकृत आहे, ती Deis Workflow Manager जोपर्यंत 2.3.2 मध्ये आढळली आहे. प्रभावित आहे अज्ञात फंक्शन. सॉफ्टवेअरमध्ये केलेली प्रक्रिया जातीची स्थिती ला कारणीभूत ठरते. CWE वापरून समस्या घोषित केल्याने CWE-362 कडे नेले जाते. कमजोरी प्रकाशित करण्यात आली होती 10/08/2016 म्हणून 94. सल्ला डाउनलोडसाठी github.com येथे शेअर केला आहे. ही त्रुटी CVE-2016-15036 म्हणून वर्गीकृत केली आहे. हल्ल्यासाठी स्थानिक नेटवर्कमध्ये प्रवेश आवश्यक आहे. तांत्रिक तपशील उपलब्ध नाहीत. यासाठी कोणताही एक्स्प्लॉइट उपलब्ध नाही. सध्याच्या घडीला अंदाजे USD $0-$5k असू शकतो. हे परिभाषित केलेले नाही म्हणून घोषित केले आहे. 0-डे म्हणून अंदाजे अंडरग्राउंड किंमत सुमारे $0-$5k होती. 2.3.3 या आवृत्तीवर अद्ययावत केल्यास ही समस्या सोडवता येईल. अपडेट केलेली आवृत्ती github.com येथे डाउनलोडसाठी उपलब्ध आहे. 31fe3bccbdde134a185752e53380330d16053f7f नावाचा पॅच आहे. आपण github.com वरून बगफिक्स डाउनलोड करू शकता. प्रभावित घटकाचे अद्ययावत करणे शिफारसीय आहे. संवेदनशीलता जाहीर केल्यानंतर 1 दिवस मध्ये एक संभाव्य उपाय उपलब्ध झाला आहे. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

4 बदल · 97 डेटा पॉइंट्स

शेत	तयार केली 22/12/2023 07:46 AM	अद्ययावत 1/3 18/01/2024 08:40 AM	अद्ययावत 2/3 18/01/2024 08:44 AM	अद्ययावत 3/3 06/08/2024 11:40 AM
software_vendor	Deis	Deis	Deis	Deis
software_name	Workflow Manager	Workflow Manager	Workflow Manager	Workflow Manager
software_version	<=2.3.2	<=2.3.2	<=2.3.2	<=2.3.2
vulnerability_cwe	CWE-362 (जातीची स्थिती)	CWE-362 (जातीची स्थिती)	CWE-362 (जातीची स्थिती)	CWE-362 (जातीची स्थिती)
vulnerability_risk	1	1	1	1
cvss3_vuldb_ac	H	H	H	H
cvss3_vuldb_s	U	U	U	U
cvss3_vuldb_rl	O	O	O	O
cvss3_vuldb_rc	C	C	C	C
advisory_date	1470780000 (10/08/2016)	1470780000 (10/08/2016)	1470780000 (10/08/2016)	1470780000 (10/08/2016)
advisory_identifier	94	94	94	94
advisory_url	https://github.com/deis/workflow-manager/pull/94	https://github.com/deis/workflow-manager/pull/94	https://github.com/deis/workflow-manager/pull/94	https://github.com/deis/workflow-manager/pull/94
countermeasure_name	अपग्रेड करा	अपग्रेड करा	अपग्रेड करा	अपग्रेड करा
countermeasure_date	1470866400 (11/08/2016)	1470866400 (11/08/2016)	1470866400 (11/08/2016)	1470866400 (11/08/2016)
upgrade_version	2.3.3	2.3.3	2.3.3	2.3.3
countermeasure_upgrade_url	https://github.com/deis/workflow-manager/releases/tag/v2.3.3	https://github.com/deis/workflow-manager/releases/tag/v2.3.3	https://github.com/deis/workflow-manager/releases/tag/v2.3.3	https://github.com/deis/workflow-manager/releases/tag/v2.3.3
patch_name	31fe3bccbdde134a185752e53380330d16053f7f	31fe3bccbdde134a185752e53380330d16053f7f	31fe3bccbdde134a185752e53380330d16053f7f	31fe3bccbdde134a185752e53380330d16053f7f
countermeasure_patch_url	https://github.com/deis/workflow-manager/commit/31fe3bccbdde134a185752e53380330d16053f7f	https://github.com/deis/workflow-manager/commit/31fe3bccbdde134a185752e53380330d16053f7f	https://github.com/deis/workflow-manager/commit/31fe3bccbdde134a185752e53380330d16053f7f	https://github.com/deis/workflow-manager/commit/31fe3bccbdde134a185752e53380330d16053f7f
countermeasure_advisoryquote	cluster_id is vulnerable to race condition when called concurrently (#94) * fix(cluster_id): Get() is "insert if not exist", needs read-write lock protection * fix(jobs): remove static clusterID getter in sendVersionsImpl 1) add generic data.ClusterID type in sendVersions type struct 2) enable common clusterID reference to be included in multiple, concurrent jobs, so that appropriate locking can be enforced	cluster_id is vulnerable to race condition when called concurrently (#94) * fix(cluster_id): Get() is "insert if not exist", needs read-write lock protection * fix(jobs): remove static clusterID getter in sendVersionsImpl 1) add generic data.ClusterID type in sendVersions type struct 2) enable common clusterID reference to be included in multiple, concurrent jobs, so that appropriate locking can be enforced	cluster_id is vulnerable to race condition when called concurrently (#94) * fix(cluster_id): Get() is "insert if not exist", needs read-write lock protection * fix(jobs): remove static clusterID getter in sendVersionsImpl 1) add generic data.ClusterID type in sendVersions type struct 2) enable common clusterID reference to be included in multiple, concurrent jobs, so that appropriate locking can be enforced	cluster_id is vulnerable to race condition when called concurrently (#94) * fix(cluster_id): Get() is "insert if not exist", needs read-write lock protection * fix(jobs): remove static clusterID getter in sendVersionsImpl 1) add generic data.ClusterID type in sendVersions type struct 2) enable common clusterID reference to be included in multiple, concurrent jobs, so that appropriate locking can be enforced
source_cve	CVE-2016-15036	CVE-2016-15036	CVE-2016-15036	CVE-2016-15036
cna_responsible	VulDB	VulDB	VulDB	VulDB
cna_eol	1	1	1	1
cvss2_vuldb_ac	H	H	H	H
cvss2_vuldb_rc	C	C	C	C
cvss2_vuldb_rl	OF	OF	OF	OF
cvss2_vuldb_av	A	A	A	A
cvss2_vuldb_au	S	S	S	S
cvss2_vuldb_ci	P	P	P	P
cvss2_vuldb_ii	P	P	P	P
cvss2_vuldb_ai	P	P	P	P
cvss2_vuldb_e	ND	ND	ND	ND
cvss3_vuldb_av	A	A	A	A
cvss3_vuldb_pr	L	L	L	L
cvss3_vuldb_ui	N	N	N	N
cvss3_vuldb_c	L	L	L	L
cvss3_vuldb_i	L	L	L	L
cvss3_vuldb_a	L	L	L	L
cvss3_vuldb_e	X	X	X	X
cvss2_vuldb_basescore	4.0	4.0	4.0	4.0
cvss2_vuldb_tempscore	3.5	3.5	3.5	3.5
cvss3_vuldb_basescore	4.6	4.6	4.6	4.6
cvss3_vuldb_tempscore	4.4	4.4	4.4	4.4
cvss3_meta_basescore	4.6	4.6	5.6	5.6
cvss3_meta_tempscore	4.4	4.4	5.5	5.5
price_0day	$0-$5k	$0-$5k	$0-$5k	$0-$5k
cve_assigned		1703199600 (22/12/2023)	1703199600 (22/12/2023)	1703199600 (22/12/2023)
cve_nvd_summary		UNSUPPORTED WHEN ASSIGNED A vulnerability was found in Deis Workflow Manager up to 2.3.2. It has been classified as problematic. This affects an unknown part. The manipulation leads to race condition. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version 2.3.3 is able to address this issue. The patch is named 31fe3bccbdde134a185752e53380330d16053f7f. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-248847. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.	UNSUPPORTED WHEN ASSIGNED A vulnerability was found in Deis Workflow Manager up to 2.3.2. It has been classified as problematic. This affects an unknown part. The manipulation leads to race condition. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version 2.3.3 is able to address this issue. The patch is named 31fe3bccbdde134a185752e53380330d16053f7f. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-248847. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.	UNSUPPORTED WHEN ASSIGNED A vulnerability was found in Deis Workflow Manager up to 2.3.2. It has been classified as problematic. This affects an unknown part. The manipulation leads to race condition. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version 2.3.3 is able to address this issue. The patch is named 31fe3bccbdde134a185752e53380330d16053f7f. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-248847. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
cvss3_nvd_av			A	A
cvss3_nvd_ac			H	H
cvss3_nvd_pr			N	N
cvss3_nvd_ui			N	N
cvss3_nvd_s			U	U
cvss3_nvd_c			H	H
cvss3_nvd_i			H	H
cvss3_nvd_a			H	H
cvss2_nvd_av			A	A
cvss2_nvd_ac			H	H
cvss2_nvd_au			S	S
cvss2_nvd_ci			P	P
cvss2_nvd_ii			P	P
cvss2_nvd_ai			P	P
cvss3_cna_av			A	A
cvss3_cna_ac			H	H
cvss3_cna_pr			L	L
cvss3_cna_ui			N	N
cvss3_cna_s			U	U
cvss3_cna_c			L	L
cvss3_cna_i			L	L
cvss3_cna_a			L	L
cve_cna			VulDB	VulDB
cvss2_nvd_basescore			4.0	4.0
cvss3_nvd_basescore			7.5	7.5
cvss3_cna_basescore			4.6	4.6
cve_nvd_summaryes				NO SOPORTADO CUANDO SE ASIGNÓ Se encontró una vulnerabilidad en Deis Workflow Manager hasta 2.3.2. Ha sido clasificada como problemática. Esto afecta a una parte desconocida. La manipulación conduce a la condición de ejecución. La complejidad del ataque es bastante alta. Se dice que la explotabilidad es difícil. La actualización a la versión 2.3.3 puede solucionar este problema. El parche se llama 31fe3bccbdde134a185752e53380330d16053f7f. Se recomienda actualizar el componente afectado. El identificador asociado de esta vulnerabilidad es VDB-248847. NOTA: Esta vulnerabilidad solo afecta a productos que ya no son compatibles con el fabricante.
cvss2_cna_av				A
cvss2_cna_ac				H
cvss2_cna_au				S
cvss2_cna_ci				P
cvss2_cna_ii				P
cvss2_cna_ai				P
cvss2_cna_basescore				4
cvss4_vuldb_av				A
cvss4_vuldb_ac				H
cvss4_vuldb_pr				L
cvss4_vuldb_ui				N
cvss4_vuldb_vc				L
cvss4_vuldb_vi				L
cvss4_vuldb_va				L
cvss4_vuldb_e				X
cvss4_vuldb_at				N
cvss4_vuldb_sc				N
cvss4_vuldb_si				N
cvss4_vuldb_sa				N
cvss4_vuldb_bscore				2.1
cvss4_vuldb_btscore				2.1

◂ मागील बाजूस सिंहावलोकन पुढील ▸

Do you know our Splunk app?

Download it now for free!