Hashicorp

Nomad

36 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2022-30324

  • EPSS 0.42%
  • Veröffentlicht 02.06.2022 14:15:52
  • Zuletzt bearbeitet 21.11.2024 07:02:35

HashiCorp Nomad and Nomad Enterprise version 0.2.0 up to 1.3.0 were impacted by go-getter vulnerabilities enabling privilege escalation through the artifact stanza in submitted jobs onto the client agent host. Fixed in 1.1.14, 1.2.8, and 1.3.1.

7.5

CVE-2022-24685

  • EPSS 0.69%
  • Veröffentlicht 28.02.2022 14:15:08
  • Zuletzt bearbeitet 21.11.2024 06:50:52

HashiCorp Nomad and Nomad Enterprise 1.0.17, 1.1.11, and 1.2.5 allow invalid HCL for the jobs parse endpoint, which may cause excessive CPU usage. Fixed in 1.0.18, 1.1.12, and 1.2.6.

7.8

CVE-2022-24683

  • EPSS 0.47%
  • Veröffentlicht 17.02.2022 17:15:09
  • Zuletzt bearbeitet 21.11.2024 06:50:52

HashiCorp Nomad and Nomad Enterprise 0.9.2 through 1.0.17, 1.1.11, and 1.2.5 allow operators with read-fs and alloc-exec (or job-submit) capabilities to read arbitrary files on the host filesystem as root.

6.5

CVE-2022-24684

  • EPSS 0.67%
  • Veröffentlicht 15.02.2022 15:15:12
  • Zuletzt bearbeitet 21.11.2024 06:50:52

HashiCorp Nomad and Nomad Enterprise 0.9.0 through 1.0.16, 1.1.11, and 1.2.5 allow operators with job-submit capabilities to use the spread stanza to panic server agents. Fixed in 1.0.18, 1.1.12, and 1.2.6.

5.9

CVE-2022-24686

  • EPSS 0.36%
  • Veröffentlicht 14.02.2022 14:15:08
  • Zuletzt bearbeitet 21.11.2024 06:50:52

HashiCorp Nomad and Nomad Enterprise 0.3.0 through 1.0.17, 1.1.11, and 1.2.5 artifact download functionality has a race condition such that the Nomad client agent could download the wrong artifact into the wrong destination. Fixed in 1.0.18, 1.1.12, ...

8.8

CVE-2021-43415

  • EPSS 0.31%
  • Veröffentlicht 03.12.2021 22:15:07
  • Zuletzt bearbeitet 21.11.2024 06:29:11

HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0, with the QEMU task driver enabled, allowed authenticated users with job submission capabilities to bypass the configured allowed image paths. Fixed in 1.0.14, 1.1.8, and 1.2.1.

6.5

CVE-2021-41865

  • EPSS 0.46%
  • Veröffentlicht 07.10.2021 14:15:08
  • Zuletzt bearbeitet 21.11.2024 06:26:55

HashiCorp Nomad and Nomad Enterprise 1.1.1 through 1.1.5 allowed authenticated users with job submission capabilities to cause denial of service by submitting incomplete job specifications with a Consul mesh gateway and host networking mode. Fixed in...

8.8

CVE-2021-37218

  • EPSS 0.17%
  • Veröffentlicht 07.09.2021 12:15:07
  • Zuletzt bearbeitet 21.11.2024 06:14:53

HashiCorp Nomad and Nomad Enterprise Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege escalation. Fixed in 1.0.10 and 1.1.4.

6.5

CVE-2021-32575

  • EPSS 0.18%
  • Veröffentlicht 17.06.2021 19:15:07
  • Zuletzt bearbeitet 21.11.2024 06:07:18

HashiCorp Nomad and Nomad Enterprise up to version 1.0.4 bridge networking mode allows ARP spoofing from other bridged tasks on the same node. Fixed in 0.12.12, 1.0.5, and 1.1.0 RC1.

7.5

CVE-2021-3283

  • EPSS 0.39%
  • Veröffentlicht 01.02.2021 16:15:13
  • Zuletzt bearbeitet 21.11.2024 06:21:13

HashiCorp Nomad and Nomad Enterprise up to 0.12.9 exec and java task drivers can access processes associated with other tasks on the same node. Fixed in 0.12.10, and 1.0.3.