HashiCorp Nomad and Nomad Enterprise 0.9.2 through 1.0.17, 1.1.11, and 1.2.5 allow operators with read-fs and alloc-exec (or job-submit) capabilities to read arbitrary files on the host filesystem as root.
2022-02-17T17:15:09.567
2024-11-21T06:50:52.120
Modified
CVSSv3.1: 7.5 (HIGH)
AV:N/AC:L/Au:N/C:C/I:N/A:N
10.0
6.9
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Application | hashicorp | nomad | < 1.0.18 | Yes |
Application | hashicorp | nomad | < 1.0.18 | Yes |
Application | hashicorp | nomad | < 1.1.12 | Yes |
Application | hashicorp | nomad | < 1.1.12 | Yes |
Application | hashicorp | nomad | < 1.2.6 | Yes |
Application | hashicorp | nomad | < 1.2.6 | Yes |