Filtered by vendor Hashicorp
Subscriptions
Filtered by product Nomad
Subscriptions
Total
28 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-37218 | 1 Hashicorp | 1 Nomad | 2024-11-21 | 8.8 High |
| HashiCorp Nomad and Nomad Enterprise Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege escalation. Fixed in 1.0.10 and 1.1.4. | ||||
| CVE-2021-32575 | 1 Hashicorp | 1 Nomad | 2024-11-21 | 6.5 Medium |
| HashiCorp Nomad and Nomad Enterprise up to version 1.0.4 bridge networking mode allows ARP spoofing from other bridged tasks on the same node. Fixed in 0.12.12, 1.0.5, and 1.1.0 RC1. | ||||
| CVE-2020-7956 | 1 Hashicorp | 1 Nomad | 2024-11-21 | 9.8 Critical |
| HashiCorp Nomad and Nomad Enterprise up to 0.10.2 incorrectly validated role/region associated with TLS certificates used for mTLS RPC, and were susceptible to privilege escalation. Fixed in 0.10.3. | ||||
| CVE-2020-7218 | 1 Hashicorp | 1 Nomad | 2024-11-21 | 7.5 High |
| HashiCorp Nomad and Nonad Enterprise up to 0.10.2 HTTP/RPC services allowed unbounded resource usage, and were susceptible to unauthenticated denial of service. Fixed in 0.10.3. | ||||
| CVE-2020-28348 | 1 Hashicorp | 1 Nomad | 2024-11-21 | 6.5 Medium |
| HashiCorp Nomad and Nomad Enterprise 0.9.0 up to 0.12.7 client Docker file sandbox feature may be subverted when not explicitly disabled or when using a volume mount type. Fixed in 0.12.8, 0.11.7, and 0.10.8. | ||||
| CVE-2020-27195 | 1 Hashicorp | 1 Nomad | 2024-11-21 | 9.1 Critical |
| HashiCorp Nomad and Nomad Enterprise version 0.9.0 up to 0.12.5 client file sandbox feature can be subverted using either the template or artifact stanzas. Fixed in 0.12.6, 0.11.5, and 0.10.6 | ||||
| CVE-2020-10944 | 1 Hashicorp | 1 Nomad | 2024-11-21 | 5.4 Medium |
| HashiCorp Nomad and Nomad Enterprise up to 0.10.4 contained a cross-site scripting vulnerability such that files from a malicious workload could cause arbitrary JavaScript to execute in the web UI. Fixed in 0.10.5. | ||||
| CVE-2019-12618 | 1 Hashicorp | 1 Nomad | 2024-11-21 | N/A |
| HashiCorp Nomad 0.9.0 through 0.9.1 has Incorrect Access Control via the exec driver. | ||||