CVE-2020-28348
- EPSS 0.49%
- Published 24.11.2020 03:15:13
- Last modified 21.11.2024 05:22:38
HashiCorp Nomad and Nomad Enterprise 0.9.0 up to 0.12.7 client Docker file sandbox feature may be subverted when not explicitly disabled or when using a volume mount type. Fixed in 0.12.8, 0.11.7, and 0.10.8.
CVE-2020-27195
- EPSS 0.36%
- Published 22.10.2020 17:15:12
- Last modified 21.11.2024 05:20:50
HashiCorp Nomad and Nomad Enterprise version 0.9.0 up to 0.12.5 client file sandbox feature can be subverted using either the template or artifact stanzas. Fixed in 0.12.6, 0.11.5, and 0.10.6
CVE-2020-10944
- EPSS 0.28%
- Published 28.04.2020 14:15:14
- Last modified 21.11.2024 04:56:25
HashiCorp Nomad and Nomad Enterprise up to 0.10.4 contained a cross-site scripting vulnerability such that files from a malicious workload could cause arbitrary JavaScript to execute in the web UI. Fixed in 0.10.5.
CVE-2020-7956
- EPSS 0.24%
- Published 31.01.2020 13:15:10
- Last modified 21.11.2024 05:38:05
HashiCorp Nomad and Nomad Enterprise up to 0.10.2 incorrectly validated role/region associated with TLS certificates used for mTLS RPC, and were susceptible to privilege escalation. Fixed in 0.10.3.
CVE-2020-7218
- EPSS 0.77%
- Published 31.01.2020 13:15:10
- Last modified 21.11.2024 05:36:51
HashiCorp Nomad and Nonad Enterprise up to 0.10.2 HTTP/RPC services allowed unbounded resource usage, and were susceptible to unauthenticated denial of service. Fixed in 0.10.3.
- EPSS 0.7%
- Published 12.08.2019 17:15:10
- Last modified 21.11.2024 04:23:11
HashiCorp Nomad 0.9.0 through 0.9.1 has Incorrect Access Control via the exec driver.