Lucene search

K
cve[email protected]CVE-2023-3299
HistoryJul 20, 2023 - 12:15 a.m.

CVE-2023-3299

2023-07-2000:15:10
CWE-668
web.nvd.nist.gov
16
cve-2023-3299
hashicorp nomad enterprise
acl policies
security vulnerability

3.4 Low

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N

3.6 Low

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.9%

HashiCorp Nomad Enterprise 1.2.11 up to 1.5.6, and 1.4.10 ACL policies using a block without a label generates unexpected results. Fixed in 1.6.0, 1.5.7, and 1.4.11.

Affected configurations

NVD
Node
hashicorpnomadRange1.2.111.4.10-
OR
hashicorpnomadRange1.2.111.4.10enterprise
OR
hashicorpnomadRange1.5.01.5.6-
OR
hashicorpnomadRange1.5.01.5.6enterprise

CNA Affected

[
  {
    "vendor": "HashiCorp",
    "product": "Nomad Enterprise",
    "platforms": [
      "64 bit",
      "32 bit",
      "x86",
      "ARM",
      "MacOS",
      "Windows",
      "Linux"
    ],
    "versions": [
      {
        "status": "affected",
        "version": "1.2.11",
        "lessThanOrEqual": "1.4.10",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "1.2.11",
        "lessThanOrEqual": "1.5.6",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

3.4 Low

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N

3.6 Low

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.9%