CVE-2021-43415
Summary
| CVE | CVE-2021-43415 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-12-03 22:15:00 UTC |
| Updated | 2023-08-08 14:22:00 UTC |
| Description | HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0, with the QEMU task driver enabled, allowed authenticated users with job submission capabilities to bypass the configured allowed image paths. Fixed in 1.0.14, 1.1.8, and 1.2.1. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| HashiCorp Blog | MISC | www.hashicorp.com | |
| HCSEC-2021-31 - Nomad QEMU Task Driver Allowed Paths Bypass with Job Args - Security - HashiCorp Discuss | MISC | discuss.hashicorp.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 502316 Alpine Linux Security Update for nomad