Hashicorp: >> Nomad >> 1.1.2 Security Vulnerabilities
HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0, with the QEMU task driver enabled, allowed authenticated users with job submission capabilities to bypass the configured allowed image paths. Fixed in 1.0.14, 1.1.8, and 1.2.1.
CVSS Score
8.8
EPSS Score
0.002
Published
2021-12-03
HashiCorp Nomad and Nomad Enterprise 1.1.1 through 1.1.5 allowed authenticated users with job submission capabilities to cause denial of service by submitting incomplete job specifications with a Consul mesh gateway and host networking mode. Fixed in 1.1.6.
CVSS Score
6.5
EPSS Score
0.005
Published
2021-10-07
HashiCorp Nomad and Nomad Enterprise Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege escalation. Fixed in 1.0.10 and 1.1.4.
CVSS Score
8.8
EPSS Score
0.002
Published
2021-09-07
Page 2