Filtered by vendor Hashicorp
Subscriptions
Filtered by product Nomad
Subscriptions
Total
28 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-3299 | 1 Hashicorp | 1 Nomad | 2024-08-02 | 3.4 Low |
HashiCorp Nomad Enterprise 1.2.11 up to 1.5.6, and 1.4.10 ACL policies using a block without a label generates unexpected results. Fixed in 1.6.0, 1.5.7, and 1.4.11. | ||||
CVE-2023-3300 | 1 Hashicorp | 1 Nomad | 2024-08-02 | 5.3 Medium |
HashiCorp Nomad and Nomad Enterprise 0.11.0 up to 1.5.6 and 1.4.1 HTTP search API can reveal names of available CSI plugins to unauthenticated users or users without the plugin:read policy. Fixed in 1.6.0, 1.5.7, and 1.4.1. | ||||
CVE-2023-3072 | 1 Hashicorp | 1 Nomad | 2024-08-02 | 4.1 Medium |
HashiCorp Nomad and Nomad Enterprise 0.7.0 up to 1.5.6 and 1.4.10 ACL policies using a block without a label generates unexpected results. Fixed in 1.6.0, 1.5.7, and 1.4.11. | ||||
CVE-2023-1782 | 1 Hashicorp | 1 Nomad | 2024-08-02 | 10 Critical |
HashiCorp Nomad and Nomad Enterprise versions 1.5.0 up to 1.5.2 allow unauthenticated users to bypass intended ACL authorizations for clusters where mTLS is not enabled. This issue is fixed in version 1.5.3. | ||||
CVE-2023-1296 | 1 Hashicorp | 1 Nomad | 2024-08-02 | 2.7 Low |
HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.5.0 did not correctly enforce deny policies applied to a workload’s variables. Fixed in 1.4.6 and 1.5.1. | ||||
CVE-2023-1299 | 1 Hashicorp | 1 Nomad | 2024-08-02 | 7.4 High |
HashiCorp Nomad and Nomad Enterprise 1.5.0 allow a job submitter to escalate to management-level privileges using workload identity and task API. Fixed in 1.5.1. | ||||
CVE-2023-0821 | 1 Hashicorp | 1 Nomad | 2024-08-02 | 6.5 Medium |
HashiCorp Nomad and Nomad Enterprise 1.2.15 up to 1.3.8, and 1.4.3 jobs using a maliciously compressed artifact stanza source can cause excessive disk usage. Fixed in 1.2.16, 1.3.9, and 1.4.4. | ||||
CVE-2024-1329 | 1 Hashicorp | 1 Nomad | 2024-08-01 | 7.7 High |
HashiCorp Nomad and Nomad Enterprise 1.5.13 up to 1.6.6, and 1.7.3 template renderer is vulnerable to arbitrary file write on the host as the Nomad client user through symlink attacks. Fixed in Nomad 1.7.4, 1.6.7, 1.5.14. |