HashiCorp Nomad 1.5.0 Enterprise Edition

CPE Details

HashiCorp Nomad 1.5.0 Enterprise Edition
hashicorp
nomad
1.5.0
2023-03-16
13h27 +00:00
2023-05-02
17h49 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:hashicorp:nomad:1.5.0:*:*:*:enterprise:*:*:*

Informations

Vendor

hashicorp

Product

nomad

Version

1.5.0

Software Edition

enterprise

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2023-3300 2023-07-19 23h35 +00:00 HashiCorp Nomad and Nomad Enterprise 0.11.0 up to 1.5.6 and 1.4.1 HTTP search API can reveal names of available CSI plugins to unauthenticated users or users without the plugin:read policy. Fixed in 1.6.0, 1.5.7, and 1.4.1.
5.3
Moyen
CVE-2023-3299 2023-07-19 23h35 +00:00 HashiCorp Nomad Enterprise 1.2.11 up to 1.5.6, and 1.4.10 ACL policies using a block without a label generates unexpected results. Fixed in 1.6.0, 1.5.7, and 1.4.11.
3.4
Bas
CVE-2023-3072 2023-07-19 23h34 +00:00 HashiCorp Nomad and Nomad Enterprise 0.7.0 up to 1.5.6 and 1.4.10 ACL policies using a block without a label generates unexpected results. Fixed in 1.6.0, 1.5.7, and 1.4.11.
4.1
Moyen
CVE-2023-1782 2023-04-05 19h10 +00:00 HashiCorp Nomad and Nomad Enterprise versions 1.5.0 up to 1.5.2 allow unauthenticated users to bypass intended ACL authorizations for clusters where mTLS is not enabled. This issue is fixed in version 1.5.3.
10
Critique
CVE-2023-1299 2023-03-14 14h46 +00:00 HashiCorp Nomad and Nomad Enterprise 1.5.0 allow a job submitter to escalate to management-level privileges using workload identity and task API. Fixed in 1.5.1.
8.8
Haute
CVE-2023-1296 2023-03-14 14h45 +00:00 HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.5.0 did not correctly enforce deny policies applied to a workload’s variables. Fixed in 1.4.6 and 1.5.1.
5.3
Moyen