CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-3867

HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 event stream subscribers using a token with TTL receive updates until token garbage is collected. Fixed in 1.4.2.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 36.2%

CVSS Severity

CVSS v3 Score 2.7

References

https://discuss.hashicorp.com/t/hcsec-2022-26-nomad-s-event-stream-subscriber-using-acl-token-with-ttl-receive-updates-until-garbage-collected/46168
https://discuss.hashicorp.com/t/hcsec-2022-26-nomad-s-event-stream-subscriber-using-acl-token-with-ttl-receive-updates-until-garbage-collected/46168

Products affected by CVE-2022-3867

Hashicorp » Nomad » Version: 1.4.0

cpe:2.3:a:hashicorp:nomad:1.4.0
Hashicorp » Nomad » Version: 1.4.1

cpe:2.3:a:hashicorp:nomad:1.4.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-3867

Products

Pricing

Contact Us