Hashicorp Nomad 0.9.0 Enterprise Edition

CPE Details

Hashicorp Nomad 0.9.0 Enterprise Edition
hashicorp
nomad
0.9.0
2020-12-16
13h19 +00:00
2020-12-16
13h19 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:hashicorp:nomad:0.9.0:*:*:*:enterprise:*:*:*

Informations

Vendor

hashicorp

Product

nomad

Version

0.9.0

Software Edition

enterprise

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-3072 2023-07-19 23h34 +00:00 HashiCorp Nomad and Nomad Enterprise 0.7.0 up to 1.5.6 and 1.4.10 ACL policies using a block without a label generates unexpected results. Fixed in 1.6.0, 1.5.7, and 1.4.11.
4.1
Medium
CVE-2023-0821 2023-02-16 21h23 +00:00 HashiCorp Nomad and Nomad Enterprise 1.2.15 up to 1.3.8, and 1.4.3 jobs using a maliciously compressed artifact stanza source can cause excessive disk usage. Fixed in 1.2.16, 1.3.9, and 1.4.4.
6.5
Medium
CVE-2022-30324 2022-05-27 12h48 +00:00 HashiCorp Nomad and Nomad Enterprise version 0.2.0 up to 1.3.0 were impacted by go-getter vulnerabilities enabling privilege escalation through the artifact stanza in submitted jobs onto the client agent host. Fixed in 1.1.14, 1.2.8, and 1.3.1.
9.8
Critical
CVE-2022-24684 2022-02-15 13h04 +00:00 HashiCorp Nomad and Nomad Enterprise 0.9.0 through 1.0.16, 1.1.11, and 1.2.5 allow operators with job-submit capabilities to use the spread stanza to panic server agents. Fixed in 1.0.18, 1.1.12, and 1.2.6.
6.5
Medium
CVE-2022-24686 2022-02-14 12h54 +00:00 HashiCorp Nomad and Nomad Enterprise 0.3.0 through 1.0.17, 1.1.11, and 1.2.5 artifact download functionality has a race condition such that the Nomad client agent could download the wrong artifact into the wrong destination. Fixed in 1.0.18, 1.1.12, and 1.2.6
5.9
Medium
CVE-2021-37218 2021-09-07 09h40 +00:00 HashiCorp Nomad and Nomad Enterprise Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege escalation. Fixed in 1.0.10 and 1.1.4.
8.8
High
CVE-2021-32575 2021-06-17 16h28 +00:00 HashiCorp Nomad and Nomad Enterprise up to version 1.0.4 bridge networking mode allows ARP spoofing from other bridged tasks on the same node. Fixed in 0.12.12, 1.0.5, and 1.1.0 RC1.
6.5
Medium
CVE-2021-3283 2021-02-01 14h36 +00:00 HashiCorp Nomad and Nomad Enterprise up to 0.12.9 exec and java task drivers can access processes associated with other tasks on the same node. Fixed in 0.12.10, and 1.0.3.
7.5
High
CVE-2020-28348 2020-11-24 01h31 +00:00 HashiCorp Nomad and Nomad Enterprise 0.9.0 up to 0.12.7 client Docker file sandbox feature may be subverted when not explicitly disabled or when using a volume mount type. Fixed in 0.12.8, 0.11.7, and 0.10.8.
6.5
Medium
CVE-2020-27195 2020-10-22 14h19 +00:00 HashiCorp Nomad and Nomad Enterprise version 0.9.0 up to 0.12.5 client file sandbox feature can be subverted using either the template or artifact stanzas. Fixed in 0.12.6, 0.11.5, and 0.10.6
9.1
Critical
CVE-2020-10944 2020-04-28 11h29 +00:00 HashiCorp Nomad and Nomad Enterprise up to 0.10.4 contained a cross-site scripting vulnerability such that files from a malicious workload could cause arbitrary JavaScript to execute in the web UI. Fixed in 0.10.5.
5.4
Medium
CVE-2020-7956 2020-01-31 11h43 +00:00 HashiCorp Nomad and Nomad Enterprise up to 0.10.2 incorrectly validated role/region associated with TLS certificates used for mTLS RPC, and were susceptible to privilege escalation. Fixed in 0.10.3.
9.8
Critical
CVE-2020-7218 2020-01-31 11h26 +00:00 HashiCorp Nomad and Nonad Enterprise up to 0.10.2 HTTP/RPC services allowed unbounded resource usage, and were susceptible to unauthenticated denial of service. Fixed in 0.10.3.
7.5
High
CVE-2019-12618 2019-08-12 14h49 +00:00 HashiCorp Nomad 0.9.0 through 0.9.1 has Incorrect Access Control via the exec driver.
9.8
Critical