CVE-2023-3299

2023-07-2000:15:10

CWE-668

[email protected]

web.nvd.nist.gov

cve-2023-3299

hashicorp nomad enterprise

acl policies

security vulnerability

CVSS3

3.4

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N

AI Score

3.6

Confidence

High

EPSS

0.001

Percentile

21.5%

JSON

HashiCorp Nomad Enterprise 1.2.11 up to 1.5.6, and 1.4.10 ACL policies using a block without a label generates unexpected results. Fixed in 1.6.0, 1.5.7, and 1.4.11.

Affected configurations

NVD

Node

hashicorpnomadRange1.2.11–1.4.10-

hashicorpnomadRange1.2.11–1.4.10enterprise

hashicorpnomadRange1.5.0–1.5.6-

hashicorpnomadRange1.5.0–1.5.6enterprise

VendorProductVersionCPE
hashicorpnomadcpe:/a:hashicorp:nomad:::enterprise:
hashicorpnomadcpe:/a:hashicorp:nomad:::-:

Vendor	Product	Version	CPE
hashicorp	nomad		cpe:/a:hashicorp:nomad:::enterprise:
hashicorp	nomad		cpe:/a:hashicorp:nomad:::-:

CNA Affected

[
  {
    "vendor": "HashiCorp",
    "product": "Nomad Enterprise",
    "platforms": [
      "64 bit",
      "32 bit",
      "x86",
      "ARM",
      "MacOS",
      "Windows",
      "Linux"
    ],
    "versions": [
      {
        "status": "affected",
        "version": "1.2.11",
        "lessThanOrEqual": "1.4.10",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "1.2.11",
        "lessThanOrEqual": "1.5.6",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]