CVE-2023-0821
- EPSS 0.8%
- Veröffentlicht 16.02.2023 22:15:11
- Zuletzt bearbeitet 21.11.2024 07:37:54
HashiCorp Nomad and Nomad Enterprise 1.2.15 up to 1.3.8, and 1.4.3 jobs using a maliciously compressed artifact stanza source can cause excessive disk usage. Fixed in 1.2.16, 1.3.9, and 1.4.4.
CVE-2019-14802
- EPSS 0.59%
- Veröffentlicht 26.12.2022 21:15:10
- Zuletzt bearbeitet 14.04.2025 18:15:18
HashiCorp Nomad 0.5.0 through 0.9.4 (fixed in 0.9.5) reveals unintended environment variables to the rendering task during template rendering, aka GHSA-6hv3-7c34-4hx8. This applies to nomad/client/allocrunner/taskrunner/template.
CVE-2022-3867
- EPSS 0.46%
- Veröffentlicht 10.11.2022 06:15:11
- Zuletzt bearbeitet 21.11.2024 07:20:23
HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 event stream subscribers using a token with TTL receive updates until token garbage is collected. Fixed in 1.4.2.
CVE-2022-3866
- EPSS 0.51%
- Veröffentlicht 10.11.2022 06:15:09
- Zuletzt bearbeitet 21.11.2024 07:20:23
HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 workload identity token can list non-sensitive metadata for paths under nomad/ that belong to other jobs in the same namespace. Fixed in 1.4.2.
CVE-2022-41606
- EPSS 0.72%
- Veröffentlicht 12.10.2022 00:15:10
- Zuletzt bearbeitet 20.05.2025 16:15:23
HashiCorp Nomad and Nomad Enterprise 1.0.2 up to 1.2.12, and 1.3.5 jobs submitted with an artifact stanza using invalid S3 or GCS URLs can be used to crash client agents. Fixed in 1.2.13, 1.3.6, and 1.4.0.
CVE-2022-30324
- EPSS 1.33%
- Veröffentlicht 02.06.2022 14:15:52
- Zuletzt bearbeitet 21.11.2024 07:02:35
HashiCorp Nomad and Nomad Enterprise version 0.2.0 up to 1.3.0 were impacted by go-getter vulnerabilities enabling privilege escalation through the artifact stanza in submitted jobs onto the client agent host. Fixed in 1.1.14, 1.2.8, and 1.3.1.
CVE-2022-24685
- EPSS 1.52%
- Veröffentlicht 28.02.2022 14:15:08
- Zuletzt bearbeitet 21.11.2024 06:50:52
HashiCorp Nomad and Nomad Enterprise 1.0.17, 1.1.11, and 1.2.5 allow invalid HCL for the jobs parse endpoint, which may cause excessive CPU usage. Fixed in 1.0.18, 1.1.12, and 1.2.6.
CVE-2022-24683
- EPSS 1.54%
- Veröffentlicht 17.02.2022 17:15:09
- Zuletzt bearbeitet 21.11.2024 06:50:52
HashiCorp Nomad and Nomad Enterprise 0.9.2 through 1.0.17, 1.1.11, and 1.2.5 allow operators with read-fs and alloc-exec (or job-submit) capabilities to read arbitrary files on the host filesystem as root.
CVE-2022-24684
- EPSS 1.4%
- Veröffentlicht 15.02.2022 15:15:12
- Zuletzt bearbeitet 21.11.2024 06:50:52
HashiCorp Nomad and Nomad Enterprise 0.9.0 through 1.0.16, 1.1.11, and 1.2.5 allow operators with job-submit capabilities to use the spread stanza to panic server agents. Fixed in 1.0.18, 1.1.12, and 1.2.6.
CVE-2022-24686
- EPSS 0.86%
- Veröffentlicht 14.02.2022 14:15:08
- Zuletzt bearbeitet 21.11.2024 06:50:52
HashiCorp Nomad and Nomad Enterprise 0.3.0 through 1.0.17, 1.1.11, and 1.2.5 artifact download functionality has a race condition such that the Nomad client agent could download the wrong artifact into the wrong destination. Fixed in 1.0.18, 1.1.12, ...