Known Vulnerabilities for Nomad by Hashicorp
Listed below are 10 of the newest known vulnerabilities associated with "Nomad" by "Hashicorp".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-3300 json | HashiCorp Nomad and Nomad Enterprise 0.11.0 up to 1.5.6 and 1.4.1 HTTP search API can reveal names of available CSI plugins t... | 5.3 - MEDIUM | 2023-07-20 | 2023-07-27 |
| CVE-2023-3299 json | HashiCorp Nomad Enterprise 1.2.11 up to 1.5.6, and 1.4.10 ACL policies using a block without a label generates unexpected ... | 2.7 - LOW | 2023-07-20 | 2023-07-27 |
| CVE-2023-3072 json | HashiCorp Nomad and Nomad Enterprise 0.7.0 up to 1.5.6 and 1.4.10 ACL policies using a block without a label generates unexpe... | 3.8 - LOW | 2023-07-20 | 2023-07-27 |
| CVE-2023-1782 json | HashiCorp Nomad and Nomad Enterprise versions 1.5.0 up to 1.5.2 allow unauthenticated users to bypass intended ACL authorizat... | 9.8 - CRITICAL | 2023-04-05 | 2023-04-12 |
| CVE-2023-1299 json | HashiCorp Nomad and Nomad Enterprise 1.5.0 allow a job submitter to escalate to management-level privileges using workload id... | 8.8 - HIGH | 2023-03-14 | 2023-03-17 |
| CVE-2023-1296 json | HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.5.0 did not correctly enforce deny policies applied to a workload’s vari... | 5.3 - MEDIUM | 2023-03-14 | 2023-11-07 |
| CVE-2023-0821 json | HashiCorp Nomad and Nomad Enterprise 1.2.15 up to 1.3.8, and 1.4.3 jobs using a maliciously compressed artifact stanza source... | 6.5 - MEDIUM | 2023-02-16 | 2023-02-25 |
| CVE-2022-41606 json | HashiCorp Nomad and Nomad Enterprise 1.0.2 up to 1.2.12, and 1.3.5 jobs submitted with an artifact stanza using invalid S3 or... | 6.5 - MEDIUM | 2022-10-12 | 2022-10-13 |
| CVE-2022-30324 json | HashiCorp Nomad and Nomad Enterprise version 0.2.0 up to 1.3.0 were impacted by go-getter vulnerabilities enabling privilege ... | 9.8 - CRITICAL | 2022-06-02 | 2022-06-10 |
| CVE-2022-24686 json | HashiCorp Nomad and Nomad Enterprise 0.3.0 through 1.0.17, 1.1.11, and 1.2.5 artifact download functionality has a race condi... | 5.9 - MEDIUM | 2022-02-14 | 2022-05-11 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Hashicorp | Nomad | 1.0.4 | |||
| Application | Hashicorp | Nomad | 1.0.4 | |||
| Application | Hashicorp | Nomad | 1.0.3 | |||
| Application | Hashicorp | Nomad | 1.0.3 | |||
| Application | Hashicorp | Nomad | 1.0.2 | |||
| Application | Hashicorp | Nomad | 1.0.2 | |||
| Application | Hashicorp | Nomad | 1.0.1 | |||
| Application | Hashicorp | Nomad | 1.0.1 | |||
| Application | Hashicorp | Nomad | 1.0.0 | |||
| Application | Hashicorp | Nomad | 1.0.0 | |||
| Application | Hashicorp | Nomad | 1.0.0 | |||
| Application | Hashicorp | Nomad | 1.0.0 | |||
| Application | Hashicorp | Nomad | 1.0.0 | |||
| Application | Hashicorp | Nomad | 1.0.0 | |||
| Application | Hashicorp | Nomad | 1.0.0 | |||
| Application | Hashicorp | Nomad | 1.0.0 | |||
| Application | Hashicorp | Nomad | 0.9.7 | |||
| Application | Hashicorp | Nomad | 0.9.7 | |||
| Application | Hashicorp | Nomad | 0.9.6 | |||
| Application | Hashicorp | Nomad | 0.9.6 |