HashiCorp Nomad 1.2.6 Enterprise Edition

CPE Details

HashiCorp Nomad 1.2.6 Enterprise Edition
hashicorp
nomad
1.2.6
2022-02-17
16h02 +00:00
2022-02-25
15h19 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:hashicorp:nomad:1.2.6:*:*:*:enterprise:*:*:*

Informations

Vendor

hashicorp

Product

nomad

Version

1.2.6

Software Edition

enterprise

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-3300 2023-07-19 23h35 +00:00 HashiCorp Nomad and Nomad Enterprise 0.11.0 up to 1.5.6 and 1.4.1 HTTP search API can reveal names of available CSI plugins to unauthenticated users or users without the plugin:read policy. Fixed in 1.6.0, 1.5.7, and 1.4.1.
5.3
Medium
CVE-2023-3072 2023-07-19 23h34 +00:00 HashiCorp Nomad and Nomad Enterprise 0.7.0 up to 1.5.6 and 1.4.10 ACL policies using a block without a label generates unexpected results. Fixed in 1.6.0, 1.5.7, and 1.4.11.
4.1
Medium
CVE-2023-0821 2023-02-16 21h23 +00:00 HashiCorp Nomad and Nomad Enterprise 1.2.15 up to 1.3.8, and 1.4.3 jobs using a maliciously compressed artifact stanza source can cause excessive disk usage. Fixed in 1.2.16, 1.3.9, and 1.4.4.
6.5
Medium
CVE-2022-41606 2022-10-10 22h00 +00:00 HashiCorp Nomad and Nomad Enterprise 1.0.2 up to 1.2.12, and 1.3.5 jobs submitted with an artifact stanza using invalid S3 or GCS URLs can be used to crash client agents. Fixed in 1.2.13, 1.3.6, and 1.4.0.
6.5
Medium
CVE-2022-30324 2022-05-27 12h48 +00:00 HashiCorp Nomad and Nomad Enterprise version 0.2.0 up to 1.3.0 were impacted by go-getter vulnerabilities enabling privilege escalation through the artifact stanza in submitted jobs onto the client agent host. Fixed in 1.1.14, 1.2.8, and 1.3.1.
9.8
Critical