CVE-2016-15036— Deis Workflow Manager race condition
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2016-15036
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Deis Workflow Manager race condition
Source: NVD (National Vulnerability Database)
Vulnerability Description
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Deis Workflow Manager up to 2.3.2. It has been classified as problematic. This affects an unknown part. The manipulation leads to race condition. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version 2.3.3 is able to address this issue. The patch is named 31fe3bccbdde134a185752e53380330d16053f7f. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-248847. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
使用共享资源的并发执行不恰当同步问题(竞争条件)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Deis Workflow Manager 竞争条件问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Deis Workflow Manager是Deis公司的一个开源平台即服务 (PaaS),为任何Kubernetes集群添加了一个开发人员友好的层,可以轻松地在自己的服务器上部署和管理应用程序。 Deis Workflow Manager 2.3.2 版本及之前版本存在竞争条件问题漏洞。目前尚无此漏洞的相关信息,请随时关注CNNVD或厂商公告。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Deis | Workflow Manager | 2.3.0 | - |
II. Public POCs for CVE-2016-15036
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2016-15036
请登录查看更多情报信息。
- https://vuldb.com/?id.248847vdb-entry
- https://github.com/deis/workflow-manager/pull/94issue-tracking
- https://nvd.nist.gov/vuln/detail/CVE-2016-15036
IV. Related Vulnerabilities
V. Comments for CVE-2016-15036
No comments yet