// For flags

CVE-2023-0821

Nomad Client Vulnerable to Decompression Bombs in Artifact Block

Severity Score

6.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

HashiCorp Nomad and Nomad Enterprise 1.2.15 up to 1.3.8, and 1.4.3 jobs using a maliciously compressed artifact stanza source can cause excessive disk usage. Fixed in 1.2.16, 1.3.9, and 1.4.4.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2023-02-13 CVE Reserved
  • 2023-02-16 CVE Published
  • 2024-08-02 CVE Updated
  • 2024-09-08 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-409: Improper Handling of Highly Compressed Data (Data Amplification)
CAPEC
  • CAPEC-572: Artificially Inflate File Sizes
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Hashicorp
Search vendor "Hashicorp"
Nomad
Search vendor "Hashicorp" for product "Nomad"
< 1.2.15
Search vendor "Hashicorp" for product "Nomad" and version " < 1.2.15"
-
Affected
Hashicorp
Search vendor "Hashicorp"
Nomad
Search vendor "Hashicorp" for product "Nomad"
< 1.2.15
Search vendor "Hashicorp" for product "Nomad" and version " < 1.2.15"
enterprise
Affected
Hashicorp
Search vendor "Hashicorp"
Nomad
Search vendor "Hashicorp" for product "Nomad"
>= 1.3.0 < 1.3.9
Search vendor "Hashicorp" for product "Nomad" and version " >= 1.3.0 < 1.3.9"
-
Affected
Hashicorp
Search vendor "Hashicorp"
Nomad
Search vendor "Hashicorp" for product "Nomad"
>= 1.3.0 < 1.3.9
Search vendor "Hashicorp" for product "Nomad" and version " >= 1.3.0 < 1.3.9"
enterprise
Affected
Hashicorp
Search vendor "Hashicorp"
Nomad
Search vendor "Hashicorp" for product "Nomad"
>= 1.4.0 < 1.4.4
Search vendor "Hashicorp" for product "Nomad" and version " >= 1.4.0 < 1.4.4"
-
Affected
Hashicorp
Search vendor "Hashicorp"
Nomad
Search vendor "Hashicorp" for product "Nomad"
>= 1.4.0 < 1.4.4
Search vendor "Hashicorp" for product "Nomad" and version " >= 1.4.0 < 1.4.4"
enterprise
Affected