Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-14802

HashiCorp Nomad 0.5.0 through 0.9.4 (fixed in 0.9.5) reveals unintended environment variables to the rendering task during template rendering, aka GHSA-6hv3-7c34-4hx8. This applies to nomad/client/allocrunner/taskrunner/template.

Published

2022-12-26T21:15:10.327

Last Modified

2025-04-14T18:15:18.280

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

Weaknesses

Type: Primary
NVD-CWE-noinfo
Type: Secondary
CWE-200

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	hashicorp	nomad	< 0.9.5	Yes

References

https://advisories.gitlab.com/advisory/advgo_github_com_hashicorp_nomad_client_allocrunner_taskrunner_template_GMS_2022_818.html Third Party Advisory ([email protected])
https://www.hashicorp.com/blog/category/nomad Product, Vendor Advisory ([email protected])
https://advisories.gitlab.com/advisory/advgo_github_com_hashicorp_nomad_client_allocrunner_taskrunner_template_GMS_2022_818.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.hashicorp.com/blog/category/nomad Product, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)