HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.5.0 did not correctly enforce deny policies applied to a workload’s variables. Fixed in 1.4.6 and 1.5.1.
References
Link | Resource |
---|---|
https://discuss.hashicorp.com/t/hcsec-2023-09-nomad-acls-can-not-deny-access-to-workloads-own-variables/51390 | Issue Tracking Vendor Advisory |
https://discuss.hashicorp.com/t/hcsec-2023-09-nomad-acls-can-not-deny-access-to-workloads-own-variables/51390 | Issue Tracking Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 07:38
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 2.7 |
References | () https://discuss.hashicorp.com/t/hcsec-2023-09-nomad-acls-can-not-deny-access-to-workloads-own-variables/51390 - Issue Tracking, Vendor Advisory |
Information
Published : 2023-03-14 15:15
Updated : 2024-11-21 07:38
NVD link : CVE-2023-1296
Mitre link : CVE-2023-1296
CVE.ORG link : CVE-2023-1296
JSON object : View
Products Affected
hashicorp
- nomad