Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2016-15036

Good to know:

icon

Date: December 23, 2023

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Deis Workflow Manager up to 2.3.2. It has been classified as problematic. This affects an unknown part. The manipulation leads to race condition. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version 2.3.3 is able to address this issue. The patch is named 31fe3bccbdde134a185752e53380330d16053f7f. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-248847. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Language: Go

Severity Score

Related Resources (8)

https://github.com/advisories/GHSA-jpfp-xq3p-4h3r
https://github.com/deis/workflow-manager/pull/94
https://vuldb.com/?id.248847
https://github.com/deis/workflow-manager/releases/tag/v2.3.3
https://nvd.nist.gov/vuln/detail/CVE-2016-15036
https://github.com/deis/workflow-manager/commit/31fe3bccbdde134a185752e53380330d16053f7f
https://vuldb.com/?ctiid.248847
https://www.mend.io/vulnerability-database/CVE-2016-15036

Severity Score

Weakness Type (CWE)

Race Conditions

CWE-362

Top Fix

icon

Upgrade Version

Upgrade to version v2.3.3

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): ADJACENT_NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): LOW
Integrity (I): LOW
Availability (A): LOW

CVSS v2

Base Score:
Access Vector (AV): ADJACENT
Access Complexity (AC): HIGH
Authentication (AU): SINGLE
Confidentiality (C): PARTIAL
Integrity (I): PARTIAL
Availability (A): PARTIAL
Additional information:

Do you need more information?

Contact Us