HashiCorp Nomad 1.0.11

CPE Details

HashiCorp Nomad 1.0.11
hashicorp
nomad
1.0.11
2021-12-06
16h40 +00:00
2021-12-06
18h35 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:hashicorp:nomad:1.0.11:*:*:*:-:*:*:*

Informations

Vendor

hashicorp

Product

nomad

Version

1.0.11

Software Edition

-

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2023-3300 2023-07-19 23h35 +00:00 HashiCorp Nomad and Nomad Enterprise 0.11.0 up to 1.5.6 and 1.4.1 HTTP search API can reveal names of available CSI plugins to unauthenticated users or users without the plugin:read policy. Fixed in 1.6.0, 1.5.7, and 1.4.1.
5.3
Moyen
CVE-2023-3072 2023-07-19 23h34 +00:00 HashiCorp Nomad and Nomad Enterprise 0.7.0 up to 1.5.6 and 1.4.10 ACL policies using a block without a label generates unexpected results. Fixed in 1.6.0, 1.5.7, and 1.4.11.
4.1
Moyen
CVE-2023-0821 2023-02-16 21h23 +00:00 HashiCorp Nomad and Nomad Enterprise 1.2.15 up to 1.3.8, and 1.4.3 jobs using a maliciously compressed artifact stanza source can cause excessive disk usage. Fixed in 1.2.16, 1.3.9, and 1.4.4.
6.5
Moyen
CVE-2022-41606 2022-10-10 22h00 +00:00 HashiCorp Nomad and Nomad Enterprise 1.0.2 up to 1.2.12, and 1.3.5 jobs submitted with an artifact stanza using invalid S3 or GCS URLs can be used to crash client agents. Fixed in 1.2.13, 1.3.6, and 1.4.0.
6.5
Moyen
CVE-2022-30324 2022-05-27 12h48 +00:00 HashiCorp Nomad and Nomad Enterprise version 0.2.0 up to 1.3.0 were impacted by go-getter vulnerabilities enabling privilege escalation through the artifact stanza in submitted jobs onto the client agent host. Fixed in 1.1.14, 1.2.8, and 1.3.1.
9.8
Critique
CVE-2022-24685 2022-02-28 12h26 +00:00 HashiCorp Nomad and Nomad Enterprise 1.0.17, 1.1.11, and 1.2.5 allow invalid HCL for the jobs parse endpoint, which may cause excessive CPU usage. Fixed in 1.0.18, 1.1.12, and 1.2.6.
7.5
Haute
CVE-2022-24683 2022-02-17 15h36 +00:00 HashiCorp Nomad and Nomad Enterprise 0.9.2 through 1.0.17, 1.1.11, and 1.2.5 allow operators with read-fs and alloc-exec (or job-submit) capabilities to read arbitrary files on the host filesystem as root.
7.5
Haute
CVE-2022-24684 2022-02-15 13h04 +00:00 HashiCorp Nomad and Nomad Enterprise 0.9.0 through 1.0.16, 1.1.11, and 1.2.5 allow operators with job-submit capabilities to use the spread stanza to panic server agents. Fixed in 1.0.18, 1.1.12, and 1.2.6.
6.5
Moyen
CVE-2022-24686 2022-02-14 12h54 +00:00 HashiCorp Nomad and Nomad Enterprise 0.3.0 through 1.0.17, 1.1.11, and 1.2.5 artifact download functionality has a race condition such that the Nomad client agent could download the wrong artifact into the wrong destination. Fixed in 1.0.18, 1.1.12, and 1.2.6
5.9
Moyen
CVE-2021-43415 2021-12-03 20h20 +00:00 HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0, with the QEMU task driver enabled, allowed authenticated users with job submission capabilities to bypass the configured allowed image paths. Fixed in 1.0.14, 1.1.8, and 1.2.1.
8.8
Haute