HashiCorp

Nomad

36 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.

  • EPSS 0.02%
  • Published 11.06.2025 13:24:18
  • Last modified 12.06.2025 16:06:20

Nomad Community and Nomad Enterprise (“Nomad”) prefix-based ACL policy lookup can lead to incorrect rule application and shadowing. This vulnerability, identified as CVE-2025-4922, is fixed in Nomad Community Edition 1.10.2 and Nomad Enterprise 1.10....

  • EPSS 0.07%
  • Published 13.05.2025 18:40:08
  • Last modified 15.05.2025 16:45:32

Nomad Enterprise (“Nomad”) jobs using the policy override option are bypassing the mandatory sentinel policies. This vulnerability, identified as CVE-2025-3744, is fixed in Nomad Enterprise 1.10.1, 1.9.9, and 1.8.13.

  • EPSS 0.03%
  • Published 10.03.2025 18:15:30
  • Last modified 10.03.2025 18:15:30

Nomad Community and Nomad Enterprise (“Nomad”) are vulnerable to unintentional exposure of the workload identity token and client secret token in audit logs. This vulnerability, identified as CVE-2025-1296, is fixed in Nomad Community Edition 1.9.7 a...

  • EPSS 0.03%
  • Published 12.02.2025 19:15:09
  • Last modified 12.02.2025 19:15:09

Nomad Community and Nomad Enterprise ("Nomad") event stream configured with a wildcard namespace can bypass the ACL Policy allowing reads on other namespaces.

  • EPSS 0.12%
  • Published 20.12.2024 02:15:05
  • Last modified 20.12.2024 02:15:05

Nomad Community and Nomad Enterprise ("Nomad") allocations are vulnerable to privilege escalation within a namespace through unredacted workload identity tokens. This vulnerability, identified as CVE-2024-12678, is fixed in Nomad Community Edition 1....

  • EPSS 0.04%
  • Published 07.11.2024 21:15:06
  • Last modified 08.11.2024 19:01:03

Nomad Community and Nomad Enterprise ("Nomad") volume specification is vulnerable to arbitrary cross-namespace volume creation through unauthorized Container Storage Interface (CSI) volume writes. This vulnerability, identified as CVE-2024-10975, is ...

  • EPSS 0.14%
  • Published 15.08.2024 00:15:13
  • Last modified 25.09.2024 16:15:11

In HashiCorp Nomad and Nomad Enterprise from 0.6.1 up to 1.6.13, 1.7.10, and 1.8.2, the archive unpacking process is vulnerable to writes outside the allocation directory during migration of allocation directories when multiple archive headers target...

  • EPSS 0.16%
  • Published 23.07.2024 01:15:09
  • Last modified 21.11.2024 09:50:10

HashiCorp Nomad and Nomad Enterprise 1.6.12 up to 1.7.9, and 1.8.1 archive unpacking during migration is vulnerable to path escaping of the allocation directory. This vulnerability, CVE-2024-6717, is fixed in Nomad 1.6.13, 1.7.10, and 1.8.2.

  • EPSS 0.29%
  • Published 08.02.2024 20:15:52
  • Last modified 21.11.2024 08:50:20

HashiCorp Nomad and Nomad Enterprise 1.5.13 up to 1.6.6, and 1.7.3 template renderer is vulnerable to arbitrary file write on the host as the Nomad client user through symlink attacks. This vulnerability, CVE-2024-1329, is fixed in Nomad 1.7.4, 1.6.7...

  • EPSS 0.53%
  • Published 20.07.2023 00:15:10
  • Last modified 21.11.2024 08:16:57

HashiCorp Nomad and Nomad Enterprise 0.11.0 up to 1.5.6 and 1.4.1 HTTP search API can reveal names of available CSI plugins to unauthenticated users or users without the plugin:read policy. Fixed in 1.6.0, 1.5.7, and 1.4.1.