HashiCorp

Nomad

36 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.

  • EPSS 0.02%
  • Published 11.06.2025 13:24:18
  • Last modified 12.06.2025 16:06:20

Nomad Community and Nomad Enterprise (“Nomad”) prefix-based ACL policy lookup can lead to incorrect rule application and shadowing. This vulnerability, identified as CVE-2025-4922, is fixed in Nomad Community Edition 1.10.2 and Nomad Enterprise 1.10....

  • EPSS 0.07%
  • Published 13.05.2025 18:40:08
  • Last modified 15.05.2025 16:45:32

Nomad Enterprise (“Nomad”) jobs using the policy override option are bypassing the mandatory sentinel policies. This vulnerability, identified as CVE-2025-3744, is fixed in Nomad Enterprise 1.10.1, 1.9.9, and 1.8.13.

  • EPSS 0.03%
  • Published 10.03.2025 18:15:30
  • Last modified 10.03.2025 18:15:30

Nomad Community and Nomad Enterprise (“Nomad”) are vulnerable to unintentional exposure of the workload identity token and client secret token in audit logs. This vulnerability, identified as CVE-2025-1296, is fixed in Nomad Community Edition 1.9.7 a...

  • EPSS 0.03%
  • Published 12.02.2025 19:15:09
  • Last modified 12.02.2025 19:15:09

Nomad Community and Nomad Enterprise ("Nomad") event stream configured with a wildcard namespace can bypass the ACL Policy allowing reads on other namespaces.

  • EPSS 0.12%
  • Published 20.12.2024 02:15:05
  • Last modified 20.12.2024 02:15:05

Nomad Community and Nomad Enterprise ("Nomad") allocations are vulnerable to privilege escalation within a namespace through unredacted workload identity tokens. This vulnerability, identified as CVE-2024-12678, is fixed in Nomad Community Edition 1....

  • EPSS 0.04%
  • Published 07.11.2024 21:15:06
  • Last modified 08.11.2024 19:01:03

Nomad Community and Nomad Enterprise ("Nomad") volume specification is vulnerable to arbitrary cross-namespace volume creation through unauthorized Container Storage Interface (CSI) volume writes. This vulnerability, identified as CVE-2024-10975, is ...

  • EPSS 0.14%
  • Published 15.08.2024 00:15:13
  • Last modified 25.09.2024 16:15:11

In HashiCorp Nomad and Nomad Enterprise from 0.6.1 up to 1.6.13, 1.7.10, and 1.8.2, the archive unpacking process is vulnerable to writes outside the allocation directory during migration of allocation directories when multiple archive headers target...

  • EPSS 0.16%
  • Published 23.07.2024 01:15:09
  • Last modified 21.11.2024 09:50:10

HashiCorp Nomad and Nomad Enterprise 1.6.12 up to 1.7.9, and 1.8.1 archive unpacking during migration is vulnerable to path escaping of the allocation directory. This vulnerability, CVE-2024-6717, is fixed in Nomad 1.6.13, 1.7.10, and 1.8.2.

  • EPSS 0.29%
  • Published 08.02.2024 20:15:52
  • Last modified 21.11.2024 08:50:20

HashiCorp Nomad and Nomad Enterprise 1.5.13 up to 1.6.6, and 1.7.3 template renderer is vulnerable to arbitrary file write on the host as the Nomad client user through symlink attacks. This vulnerability, CVE-2024-1329, is fixed in Nomad 1.7.4, 1.6.7...

  • EPSS 0.53%
  • Published 20.07.2023 00:15:10
  • Last modified 21.11.2024 08:16:57

HashiCorp Nomad and Nomad Enterprise 0.11.0 up to 1.5.6 and 1.4.1 HTTP search API can reveal names of available CSI plugins to unauthenticated users or users without the plugin:read policy. Fixed in 1.6.0, 1.5.7, and 1.4.1.