CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-3866

HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 workload identity token can list non-sensitive metadata for paths under nomad/ that belong to other jobs in the same namespace. Fixed in 1.4.2.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 39.0%

CVSS Severity

CVSS v3 Score 5.0

References

https://discuss.hashicorp.com/t/hcsec-2022-25-nomad-s-workload-identity-token-can-list-non-sensitive-metadata-for-nomad-paths/46167
https://discuss.hashicorp.com/t/hcsec-2022-25-nomad-s-workload-identity-token-can-list-non-sensitive-metadata-for-nomad-paths/46167

Products affected by CVE-2022-3866

Hashicorp » Nomad » Version: 1.4.0

cpe:2.3:a:hashicorp:nomad:1.4.0
Hashicorp » Nomad » Version: 1.4.1

cpe:2.3:a:hashicorp:nomad:1.4.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-3866

Products

Pricing

Contact Us