Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2022-3866HistoryNov 10, 2022 - 6:15 a.m.
CVE-2022-3866
2022-11-1006:15:00
Debian Security Bug Tracker
security-tracker.debian.org
17
hashicorp nomad
nomad enterprise
workload identity
token
exposure
metadata
namespace
fix
0.001 Low
EPSS
Percentile
22.9%
HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 workload identity token can list non-sensitive metadata for paths under nomad/ that belong to other jobs in the same namespace. Fixed in 1.4.2.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 11 | all | nomad | < 0.12.10+dfsg1-3 | nomad_0.12.10+dfsg1-3_all.deb |
Related
osv
osv
CVE-2022-3866
2022-11-10 06:15:09
HashiCorp Nomad vulnerable to non-sensitive metadata exposure
2022-11-10 12:01:03
github
github
HashiCorp Nomad vulnerable to non-sensitive metadata exposure
2022-11-10 12:01:03
veracode
veracode
Information Disclosure
2022-11-11 06:46:36
nvd
nvd
CVE-2022-3866
2022-11-10 06:15:09
cve
cve
CVE-2022-3866
2022-11-10 06:15:09
ubuntucve
ubuntucve
CVE-2022-3866
2022-11-10 00:00:00
prion
prion
Denial of service
2022-11-10 06:15:00
cvelist
cvelist