CVE-2021-43415 - Vulnerability Details

Vendors	Products
Hashicorp	Nomad

Link	Providers
https://discuss.hashicorp.com/t/hcsec-2021-31-nomad-qemu-task-driver-allowed-paths-bypass-with-job-args/32288
https://nvd.nist.gov/vuln/detail/CVE-2021-43415
https://www.cve.org/CVERecord?id=CVE-2021-43415
https://www.hashicorp.com/blog/category/nomad

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0, with the QEMU task driver enabled, allowed authenticated users with job submission capabilities to bypass the configured allowed image paths. Fixed in 1.0.14, 1.1.8, and 1.2.1."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-12-03T21:20:12", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.hashicorp.com/blog/category/nomad"}, {"tags": ["x_refsource_MISC"], "url": "https://discuss.hashicorp.com/t/hcsec-2021-31-nomad-qemu-task-driver-allowed-paths-bypass-with-job-args/32288"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-43415", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0, with the QEMU task driver enabled, allowed authenticated users with job submission capabilities to bypass the configured allowed image paths. Fixed in 1.0.14, 1.1.8, and 1.2.1."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.hashicorp.com/blog/category/nomad", "refsource": "MISC", "url": "https://www.hashicorp.com/blog/category/nomad"}, {"name": "https://discuss.hashicorp.com/t/hcsec-2021-31-nomad-qemu-task-driver-allowed-paths-bypass-with-job-args/32288", "refsource": "MISC", "url": "https://discuss.hashicorp.com/t/hcsec-2021-31-nomad-qemu-task-driver-allowed-paths-bypass-with-job-args/32288"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T03:55:29.400Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.hashicorp.com/blog/category/nomad"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://discuss.hashicorp.com/t/hcsec-2021-31-nomad-qemu-task-driver-allowed-paths-bypass-with-job-args/32288"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-43415", "datePublished": "2021-12-03T21:20:12", "dateReserved": "2021-11-08T00:00:00", "dateUpdated": "2024-08-04T03:55:29.400Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0, with the QEMU task driver enabled, allowed authenticated users with job submission capabilities to bypass the configured allowed image paths. Fixed in 1.0.14, 1.1.8, and 1.2.1. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2021-12-03T21:20:12 (string)

orgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

shortName : mitre (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://www.hashicorp.com/blog/category/nomad (string)

}

1 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://discuss.hashicorp.com/t/hcsec-2021-31-nomad-qemu-task-driver-allowed-paths-bypass-with-job-args/32288 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : cve@mitre.org (string)

ID : CVE-2021-43415 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0, with the QEMU task driver enabled, allowed authenticated users with job submission capabilities to bypass the configured allowed image paths. Fixed in 1.0.14, 1.1.8, and 1.2.1. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://www.hashicorp.com/blog/category/nomad (string)

refsource : MISC (string)

url : https://www.hashicorp.com/blog/category/nomad (string)

}

1 : { »

name : https://discuss.hashicorp.com/t/hcsec-2021-31-nomad-qemu-task-driver-allowed-paths-bypass-with-job-args/32288 (string)

refsource : MISC (string)

url : https://discuss.hashicorp.com/t/hcsec-2021-31-nomad-qemu-task-driver-allowed-paths-bypass-with-job-args/32288 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-04T03:55:29.400Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://www.hashicorp.com/blog/category/nomad (string)

}

1 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://discuss.hashicorp.com/t/hcsec-2021-31-nomad-qemu-task-driver-allowed-paths-bypass-with-job-args/32288 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

assignerShortName : mitre (string)

cveId : CVE-2021-43415 (string)

datePublished : 2021-12-03T21:20:12 (string)

dateReserved : 2021-11-08T00:00:00 (string)

dateUpdated : 2024-08-04T03:55:29.400Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hashicorp:nomad:*:*:*:*:-:*:*:*", "matchCriteriaId": "B48B8776-6AD3-46EB-9CC9-179B8CD12BDE", "versionEndExcluding": "1.0.14", "versionStartIncluding": "1.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:hashicorp:nomad:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "18A18ED5-746F-4AC7-A488-504D810A232C", "versionEndExcluding": "1.0.14", "versionStartIncluding": "1.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:hashicorp:nomad:*:*:*:*:-:*:*:*", "matchCriteriaId": "6AA406C3-4119-496A-BF0A-4D4CEB596F95", "versionEndExcluding": "1.1.8", "versionStartIncluding": "1.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:hashicorp:nomad:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "C8F418FD-A8D5-4710-9293-FAF93FA62D64", "versionEndExcluding": "1.1.8", "versionStartIncluding": "1.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:hashicorp:nomad:1.2.0:-:*:*:-:*:*:*", "matchCriteriaId": "0EAE231F-1DE6-49B2-9E0B-40693FA45641", "vulnerable": true}, {"criteria": "cpe:2.3:a:hashicorp:nomad:1.2.0:-:*:*:enterprise:*:*:*", "matchCriteriaId": "D93CCD55-5BDD-481A-BEC7-7AD39C17ECE2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0, with the QEMU task driver enabled, allowed authenticated users with job submission capabilities to bypass the configured allowed image paths. Fixed in 1.0.14, 1.1.8, and 1.2.1."}, {"lang": "es", "value": "HashiCorp Nomad y Nomad Enterprise versiones hasta 1.0.13, 1.1.7 y 1.2.0, con el controlador de tareas QEMU habilitado, permit\u00eda a usuarios autenticados con capacidad de env\u00edo de trabajos omitir las rutas de imagen permitidas configuradas. Corregido en versiones 1.0.14, 1.1.8 y 1.2.1"}], "id": "CVE-2021-43415", "lastModified": "2024-11-21T06:29:11.990", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-12-03T22:15:07.757", "references": [{"source": "cve@mitre.org", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://discuss.hashicorp.com/t/hcsec-2021-31-nomad-qemu-task-driver-allowed-paths-bypass-with-job-args/32288"}, {"source": "cve@mitre.org", "tags": ["Product", "Vendor Advisory"], "url": "https://www.hashicorp.com/blog/category/nomad"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://discuss.hashicorp.com/t/hcsec-2021-31-nomad-qemu-task-driver-allowed-paths-bypass-with-job-args/32288"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product", "Vendor Advisory"], "url": "https://www.hashicorp.com/blog/category/nomad"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:hashicorp:nomad:*:*:*:*:-:*:*:* (string)

matchCriteriaId : B48B8776-6AD3-46EB-9CC9-179B8CD12BDE (string)

versionEndExcluding : 1.0.14 (string)

versionStartIncluding : 1.0.0 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:hashicorp:nomad:*:*:*:*:enterprise:*:*:* (string)

matchCriteriaId : 18A18ED5-746F-4AC7-A488-504D810A232C (string)

versionEndExcluding : 1.0.14 (string)

versionStartIncluding : 1.0.0 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:hashicorp:nomad:*:*:*:*:-:*:*:* (string)

matchCriteriaId : 6AA406C3-4119-496A-BF0A-4D4CEB596F95 (string)

versionEndExcluding : 1.1.8 (string)

versionStartIncluding : 1.1.0 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:hashicorp:nomad:*:*:*:*:enterprise:*:*:* (string)

matchCriteriaId : C8F418FD-A8D5-4710-9293-FAF93FA62D64 (string)

versionEndExcluding : 1.1.8 (string)

versionStartIncluding : 1.1.0 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:hashicorp:nomad:1.2.0:-:*:*:-:*:*:* (string)

matchCriteriaId : 0EAE231F-1DE6-49B2-9E0B-40693FA45641 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:hashicorp:nomad:1.2.0:-:*:*:enterprise:*:*:* (string)

matchCriteriaId : D93CCD55-5BDD-481A-BEC7-7AD39C17ECE2 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0, with the QEMU task driver enabled, allowed authenticated users with job submission capabilities to bypass the configured allowed image paths. Fixed in 1.0.14, 1.1.8, and 1.2.1. (string)

}

1 : { »

lang : es (string)

value : HashiCorp Nomad y Nomad Enterprise versiones hasta 1.0.13, 1.1.7 y 1.2.0, con el controlador de tareas QEMU habilitado, permitía a usuarios autenticados con capacidad de envío de trabajos omitir las rutas de imagen permitidas configuradas. Corregido en versiones 1.0.14, 1.1.8 y 1.2.1 (string)

}

]

id : CVE-2021-43415 (string)

lastModified : 2024-11-21T06:29:11.990 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : MEDIUM (string)

accessVector : NETWORK (string)

authentication : SINGLE (string)

availabilityImpact : PARTIAL (string)

baseScore : 6 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : PARTIAL (string)

vectorString : AV:N/AC:M/Au:S/C:P/I:P/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 6.8 (number)

impactScore : 6.4 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 8.8 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 2.8 (number)

impactScore : 5.9 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2021-12-03T22:15:07.757 (string)

references : [ »

0 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Mitigation (string)

1 : Vendor Advisory (string)

]

url : https://discuss.hashicorp.com/t/hcsec-2021-31-nomad-qemu-task-driver-allowed-paths-bypass-with-job-args/32288 (string)

}

1 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Product (string)

1 : Vendor Advisory (string)

]

url : https://www.hashicorp.com/blog/category/nomad (string)

}

2 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Mitigation (string)

1 : Vendor Advisory (string)

]

url : https://discuss.hashicorp.com/t/hcsec-2021-31-nomad-qemu-task-driver-allowed-paths-bypass-with-job-args/32288 (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Product (string)

1 : Vendor Advisory (string)

]

url : https://www.hashicorp.com/blog/category/nomad (string)

}

]

sourceIdentifier : cve@mitre.org (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : NVD-CWE-Other (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Show plain JSON

{"bugzilla": {"description": "nomad: QEMU task driver allowed paths bypass with job args", "id": "2039920", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039920"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-287", "details": ["HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0, with the QEMU task driver enabled, allowed authenticated users with job submission capabilities to bypass the configured allowed image paths. Fixed in 1.0.14, 1.1.8, and 1.2.1."], "name": "CVE-2021-43415", "package_state": [{"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "multicluster-engine", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/cluster-curator-controller-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/clusterlifecycle-state-metrics-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/multicloud-manager-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/multiclusterhub-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/openshift-hive-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}], "public_date": "2021-11-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-43415\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-43415"], "threat_severity": "Moderate"}

{

bugzilla : { »

description : nomad: QEMU task driver allowed paths bypass with job args (string)

id : 2039920 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=2039920 (string)

}

csaw : false (boolean)

cvss3 : { »

cvss3_base_score : 8.8 (string)

cvss3_scoring_vector : CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (string)

status : draft (string)

}

cwe : CWE-287 (string)

details : [ »

0 : HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0, with the QEMU task driver enabled, allowed authenticated users with job submission capabilities to bypass the configured allowed image paths. Fixed in 1.0.14, 1.1.8, and 1.2.1. (string)

]

name : CVE-2021-43415 (string)

package_state : [ »

0 : { »

cpe : cpe:/a:redhat:acm:2 (string)

fix_state : Not affected (string)

package_name : multicluster-engine (string)