Hashicorp: >> Nomad >> 1.4.0 Security Vulnerabilities
HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 event stream subscribers using a token with TTL receive updates until token garbage is collected. Fixed in 1.4.2.
CVSS Score
2.7
EPSS Score
0.002
Published
2022-11-10
HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 workload identity token can list non-sensitive metadata for paths under nomad/ that belong to other jobs in the same namespace. Fixed in 1.4.2.
CVSS Score
5.0
EPSS Score
0.002
Published
2022-11-10
Page 2