23 results (0.011 seconds)

CVSS: 7.7EPSS: 0%CPEs: 2EXPL: 0

Nomad Community and Nomad Enterprise ("Nomad") volume specification is vulnerable to arbitrary cross-namespace volume creation through unauthorized Container Storage Interface (CSI) volume writes. This vulnerability, identified as CVE-2024-10975, is fixed in Nomad Community Edition 1.9.2 and Nomad Enterprise 1.9.2, 1.8.7, and 1.7.15. • https://discuss.hashicorp.com/t/hcsec-2024-27-nomad-vulnerable-to-cross-namespace-volume-creation-abusing-csi-write-permission • CWE-863: Incorrect Authorization •

CVSS: 5.8EPSS: 0%CPEs: 2EXPL: 0

In HashiCorp Nomad and Nomad Enterprise from 0.6.1 up to 1.16.13, 1.7.10, and 1.8.2, the archive unpacking process is vulnerable to writes outside the allocation directory during migration of allocation directories when multiple archive headers target the same file. This vulnerability, CVE-2024-7625, is fixed in Nomad 1.6.14, 1.7.11, and 1.8.3. Access or compromise of the Nomad client agent at the source allocation first is a prerequisite for leveraging this vulnerability. In HashiCorp Nomad and Nomad Enterprise from 0.6.1 up to 1.6.13, 1.7.10, and 1.8.2, the archive unpacking process is vulnerable to writes outside the allocation directory during migration of allocation directories when multiple archive headers target the same file. This vulnerability, CVE-2024-7625, is fixed in Nomad 1.6.14, 1.7.11, and 1.8.3. • https://discuss.hashicorp.com/t/hcsec-2024-17-nomad-vulnerable-to-allocation-directory-escape-on-non-existing-file-paths-through-archive-unpacking/69293 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •

CVSS: 7.7EPSS: 0%CPEs: 2EXPL: 0

HashiCorp Nomad and Nomad Enterprise 1.6.12 up to 1.7.9, and 1.8.1 archive unpacking during migration is vulnerable to path escaping of the allocation directory. This vulnerability, CVE-2024-6717, is fixed in Nomad 1.6.13, 1.7.10, and 1.8.2. HashiCorp Nomad y Nomad Enterprise 1.6.12 hasta 1.7.9 y 1.8.1 al desempaquetar archivos durante la migración es vulnerable a que la ruta se escape del directorio de asignación. Esta vulnerabilidad, CVE-2024-6717, se solucionó en Nomad 1.6.13, 1.7.10 y 1.8.2. • https://discuss.hashicorp.com/t/hcsec-2024-15-nomad-vulnerable-to-allocation-directory-path-escape-through-archive-unpacking/68781 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •

CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0

HashiCorp Nomad and Nomad Enterprise 0.11.0 up to 1.5.6 and 1.4.1 HTTP search API can reveal names of available CSI plugins to unauthenticated users or users without the plugin:read policy. Fixed in 1.6.0, 1.5.7, and 1.4.1. • https://discuss.hashicorp.com/t/hcsec-2023-22-nomad-search-api-leaks-information-about-csi-plugins/56272 • CWE-266: Incorrect Privilege Assignment CWE-862: Missing Authorization •

CVSS: 3.4EPSS: 0%CPEs: 4EXPL: 0

HashiCorp Nomad Enterprise 1.2.11 up to 1.5.6, and 1.4.10 ACL policies using a block without a label generates unexpected results. Fixed in 1.6.0, 1.5.7, and 1.4.11. • https://discuss.hashicorp.com/t/hcsec-2023-21-nomad-caller-acl-tokens-secret-id-is-exposed-to-sentinel/56271 • CWE-201: Insertion of Sensitive Information Into Sent Data CWE-668: Exposure of Resource to Wrong Sphere •