Total
28 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-32575 | 1 Hashicorp | 1 Nomad | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
HashiCorp Nomad and Nomad Enterprise up to version 1.0.4 bridge networking mode allows ARP spoofing from other bridged tasks on the same node. Fixed in 0.12.12, 1.0.5, and 1.1.0 RC1. | |||||
CVE-2020-7956 | 1 Hashicorp | 1 Nomad | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
HashiCorp Nomad and Nomad Enterprise up to 0.10.2 incorrectly validated role/region associated with TLS certificates used for mTLS RPC, and were susceptible to privilege escalation. Fixed in 0.10.3. | |||||
CVE-2020-7218 | 1 Hashicorp | 1 Nomad | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
HashiCorp Nomad and Nonad Enterprise up to 0.10.2 HTTP/RPC services allowed unbounded resource usage, and were susceptible to unauthenticated denial of service. Fixed in 0.10.3. | |||||
CVE-2020-28348 | 1 Hashicorp | 1 Nomad | 2024-11-21 | 6.3 MEDIUM | 6.5 MEDIUM |
HashiCorp Nomad and Nomad Enterprise 0.9.0 up to 0.12.7 client Docker file sandbox feature may be subverted when not explicitly disabled or when using a volume mount type. Fixed in 0.12.8, 0.11.7, and 0.10.8. | |||||
CVE-2020-27195 | 1 Hashicorp | 1 Nomad | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
HashiCorp Nomad and Nomad Enterprise version 0.9.0 up to 0.12.5 client file sandbox feature can be subverted using either the template or artifact stanzas. Fixed in 0.12.6, 0.11.5, and 0.10.6 | |||||
CVE-2020-10944 | 1 Hashicorp | 1 Nomad | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
HashiCorp Nomad and Nomad Enterprise up to 0.10.4 contained a cross-site scripting vulnerability such that files from a malicious workload could cause arbitrary JavaScript to execute in the web UI. Fixed in 0.10.5. | |||||
CVE-2019-14802 | 1 Hashicorp | 1 Nomad | 2024-11-21 | N/A | 5.3 MEDIUM |
HashiCorp Nomad 0.5.0 through 0.9.4 (fixed in 0.9.5) reveals unintended environment variables to the rendering task during template rendering, aka GHSA-6hv3-7c34-4hx8. This applies to nomad/client/allocrunner/taskrunner/template. | |||||
CVE-2019-12618 | 1 Hashicorp | 1 Nomad | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
HashiCorp Nomad 0.9.0 through 0.9.1 has Incorrect Access Control via the exec driver. |