Hashicorp: >> Nomad >> 0.10.3 Security Vulnerabilities
HashiCorp Nomad and Nomad Enterprise 0.9.0 up to 0.12.7 client Docker file sandbox feature may be subverted when not explicitly disabled or when using a volume mount type. Fixed in 0.12.8, 0.11.7, and 0.10.8.
CVSS Score
6.5
EPSS Score
0.011
Published
2020-11-24
HashiCorp Nomad and Nomad Enterprise version 0.9.0 up to 0.12.5 client file sandbox feature can be subverted using either the template or artifact stanzas. Fixed in 0.12.6, 0.11.5, and 0.10.6
CVSS Score
9.1
EPSS Score
0.004
Published
2020-10-22
HashiCorp Nomad and Nomad Enterprise up to 0.10.4 contained a cross-site scripting vulnerability such that files from a malicious workload could cause arbitrary JavaScript to execute in the web UI. Fixed in 0.10.5.
CVSS Score
5.4
EPSS Score
0.003
Published
2020-04-28
Page 2