Vulnerability Details CVE-2021-41865
HashiCorp Nomad and Nomad Enterprise 1.1.1 through 1.1.5 allowed authenticated users with job submission capabilities to cause denial of service by submitting incomplete job specifications with a Consul mesh gateway and host networking mode. Fixed in 1.1.6.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 63.0%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.0
References
- https://discuss.hashicorp.com/t/hcsec-2021-26-nomad-denial-of-service-via-submission-of-incomplete-job-specification-using-consul-mesh-gateway-host-network/30311
- https://discuss.hashicorp.com/t/hcsec-2021-26-nomad-denial-of-service-via-submission-of-incomplete-job-specification-using-consul-mesh-gateway-host-network/30311
Products affected by CVE-2021-41865
-
cpe:2.3:a:hashicorp:nomad:1.1.1
-
cpe:2.3:a:hashicorp:nomad:1.1.2
-
cpe:2.3:a:hashicorp:nomad:1.1.3
-
cpe:2.3:a:hashicorp:nomad:1.1.4
-
cpe:2.3:a:hashicorp:nomad:1.1.5