Hashicorp

Nomad

41 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.16%
  • Veröffentlicht 08.07.2026 20:21:16
  • Zuletzt bearbeitet 09.07.2026 16:29:14

HashiCorp Nomad and Nomad Enterprise are vulnerable to a cross-namespace authorization bypass in the dynamic host volumes feature that may allow an operator holding the host volume delete permission in one namespace to delete a sticky volume claim be...

  • EPSS 0.32%
  • Veröffentlicht 08.07.2026 20:16:48
  • Zuletzt bearbeitet 09.07.2026 16:29:14

HashiCorp Nomad and Nomad Enterprise are vulnerable to a sandbox escape in the Docker task driver that may allow a job submitter to bind-mount a host path into a container even when volume bind mounts are disabled, potentially leading to reading and ...

  • EPSS 0.25%
  • Veröffentlicht 08.07.2026 17:29:30
  • Zuletzt bearbeitet 09.07.2026 16:29:14

HashiCorp Nomad and Nomad Enterprise did not enforce the allow_privileged restriction for the Docker task driver's host namespace mode options. This may allow an authenticated job submitter to run a container in a host namespace and access informatio...

  • EPSS 6.89%
  • Veröffentlicht 12.05.2026 19:09:44
  • Zuletzt bearbeitet 13.05.2026 15:53:17

HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to code execution on the client host through a path traversal attack. This vulnerability (CVE-2026-7474) is fixed in Nomad 2.0.1, 1.11.5 and 1.10.11.

  • EPSS 0.17%
  • Veröffentlicht 12.05.2026 18:59:09
  • Zuletzt bearbeitet 13.05.2026 15:53:17

HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink attack. This vulnerability (CVE-2026-6959) is fixed in Nomad 2.0.1, 1.11.5 and 1.10.11.

  • EPSS 0.48%
  • Veröffentlicht 11.06.2025 13:24:18
  • Zuletzt bearbeitet 22.12.2025 16:37:53

Nomad Community and Nomad Enterprise (“Nomad”) prefix-based ACL policy lookup can lead to incorrect rule application and shadowing. This vulnerability, identified as CVE-2025-4922, is fixed in Nomad Community Edition 1.10.2 and Nomad Enterprise 1.10....

  • EPSS 0.24%
  • Veröffentlicht 13.05.2025 18:40:08
  • Zuletzt bearbeitet 15.05.2025 16:45:32

Nomad Enterprise (“Nomad”) jobs using the policy override option are bypassing the mandatory sentinel policies. This vulnerability, identified as CVE-2025-3744, is fixed in Nomad Enterprise 1.10.1, 1.9.9, and 1.8.13.

  • EPSS 0.45%
  • Veröffentlicht 10.03.2025 18:15:30
  • Zuletzt bearbeitet 18.12.2025 14:41:48

Nomad Community and Nomad Enterprise (“Nomad”) are vulnerable to unintentional exposure of the workload identity token and client secret token in audit logs. This vulnerability, identified as CVE-2025-1296, is fixed in Nomad Community Edition 1.9.7 a...

  • EPSS 0.41%
  • Veröffentlicht 12.02.2025 19:15:09
  • Zuletzt bearbeitet 15.12.2025 21:07:54

Nomad Community and Nomad Enterprise ("Nomad") event stream configured with a wildcard namespace can bypass the ACL Policy allowing reads on other namespaces.

  • EPSS 0.53%
  • Veröffentlicht 20.12.2024 02:15:05
  • Zuletzt bearbeitet 12.12.2025 20:19:49

Nomad Community and Nomad Enterprise ("Nomad") allocations are vulnerable to privilege escalation within a namespace through unredacted workload identity tokens. This vulnerability, identified as CVE-2024-12678, is fixed in Nomad Community Edition 1....