HashiCorp Nomad 1.5.0

CPE Details

HashiCorp Nomad 1.5.0
hashicorp
nomad
1.5.0
2023-03-16
13h27 +00:00
2023-05-02
17h49 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:hashicorp:nomad:1.5.0:*:*:*:-:*:*:*

Informations

Vendor

hashicorp

Product

nomad

Version

1.5.0

Software Edition

-

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-3300 2023-07-19 23h35 +00:00 HashiCorp Nomad and Nomad Enterprise 0.11.0 up to 1.5.6 and 1.4.1 HTTP search API can reveal names of available CSI plugins to unauthenticated users or users without the plugin:read policy. Fixed in 1.6.0, 1.5.7, and 1.4.1.
5.3
Medium
CVE-2023-3299 2023-07-19 23h35 +00:00 HashiCorp Nomad Enterprise 1.2.11 up to 1.5.6, and 1.4.10 ACL policies using a block without a label generates unexpected results. Fixed in 1.6.0, 1.5.7, and 1.4.11.
3.4
Low
CVE-2023-3072 2023-07-19 23h34 +00:00 HashiCorp Nomad and Nomad Enterprise 0.7.0 up to 1.5.6 and 1.4.10 ACL policies using a block without a label generates unexpected results. Fixed in 1.6.0, 1.5.7, and 1.4.11.
4.1
Medium
CVE-2023-1782 2023-04-05 19h10 +00:00 HashiCorp Nomad and Nomad Enterprise versions 1.5.0 up to 1.5.2 allow unauthenticated users to bypass intended ACL authorizations for clusters where mTLS is not enabled. This issue is fixed in version 1.5.3.
10
Critical
CVE-2023-1299 2023-03-14 14h46 +00:00 HashiCorp Nomad and Nomad Enterprise 1.5.0 allow a job submitter to escalate to management-level privileges using workload identity and task API. Fixed in 1.5.1.
8.8
High
CVE-2023-1296 2023-03-14 14h45 +00:00 HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.5.0 did not correctly enforce deny policies applied to a workload’s variables. Fixed in 1.4.6 and 1.5.1.
5.3
Medium