Page 2 of 9 results (0.008 seconds)

CVSS: 4.1EPSS: 0%CPEs: 4EXPL: 0

HashiCorp Nomad and Nomad Enterprise 0.7.0 up to 1.5.6 and 1.4.10 ACL policies using a block without a label generates unexpected results. Fixed in 1.6.0, 1.5.7, and 1.4.11. • https://discuss.hashicorp.com/t/hcsec-2023-20-nomad-acl-policies-without-label-are-applied-to-unexpected-resources/56270 • CWE-266: Incorrect Privilege Assignment CWE-862: Missing Authorization •

CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0

HashiCorp Nomad and Nomad Enterprise 1.2.15 up to 1.3.8, and 1.4.3 jobs using a maliciously compressed artifact stanza source can cause excessive disk usage. Fixed in 1.2.16, 1.3.9, and 1.4.4. • https://discuss.hashicorp.com/t/hcsec-2023-05-nomad-client-vulnerable-to-decompression-bombs-in-artifact-block/50292 • CWE-409: Improper Handling of Highly Compressed Data (Data Amplification) •

CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0

HashiCorp Nomad and Nomad Enterprise 1.0.2 up to 1.2.12, and 1.3.5 jobs submitted with an artifact stanza using invalid S3 or GCS URLs can be used to crash client agents. Fixed in 1.2.13, 1.3.6, and 1.4.0. Los trabajos de HashiCorp Nomad y Nomad Enterprise versiones 1.0.2 hasta 1.2.12, y 1.3.5, enviados con una estrofa de artefacto usando URLs S3 o GCS no válidas pueden ser usados para bloquear los agentes cliente. Corregido en versiones 1.2.13, 1.3.6 y 1.4.0 • https://discuss.hashicorp.com https://discuss.hashicorp.com/t/hcsec-2022-22-nomad-panics-on-job-submission-with-bad-artifact-stanza-source-url/45420 •

CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0

HashiCorp Nomad and Nomad Enterprise version 0.2.0 up to 1.3.0 were impacted by go-getter vulnerabilities enabling privilege escalation through the artifact stanza in submitted jobs onto the client agent host. Fixed in 1.1.14, 1.2.8, and 1.3.1. HashiCorp Nomad y Nomad Enterprise versiones 0.2.0 hasta 1.3.0, fueron impactados por vulnerabilidades de go-getter que permiten una escalada de privilegios mediante la estrofa de artefactos en los trabajos enviados en el host del agente cliente. Corregido en versiones 1.1.14, 1.2.8 y 1.3.1 • https://discuss.hashicorp.com https://discuss.hashicorp.com/t/hcsec-2022-14-nomad-impacted-by-go-getter-vulnerabilities/39932 •