Lucene search

Veracode Vulnerability DatabaseVERACODE:44887

HistoryDec 28, 2023 - 12:10 p.m.

Race Condition

2023-12-2812:10:47

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

github

deis

workflow manager

race condition

shared resource

cluster_id

vulnerability

attacker

modify

4 Medium

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:H/Au:S/C:P/I:P/A:P

7.5 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

6.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.9%

JSON

github.com/deis/workflow-manager is vulnerable to Race Condition. The vulnerability is caused when the shared resource parameter cluster_id is called concurrently. An attacker can potentially modify a shared resource by exploiting this vulnerability.

CPENameOperatorVersion
github.com/deis/workflow-managerlev2.3.2
github.com/deis/workflow-managerlev2.3.2

CPE	Name	Operator	Version
	github.com/deis/workflow-manager	le	v2.3.2
	github.com/deis/workflow-manager	le	v2.3.2

References

github.com/advisories/GHSA-jpfp-xq3p-4h3r

github.com/deis/workflow-manager/commit/31fe3bccbdde134a185752e53380330d16053f7f

github.com/deis/workflow-manager/pull/94

github.com/deis/workflow-manager/releases/tag/v2.3.3

vuldb.com/?ctiid.248847

vuldb.com/?id.248847

4 Medium

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:H/Au:S/C:P/I:P/A:P

7.5 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

6.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.9%

JSON

Related for VERACODE:44887