Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2023-3300HistoryJul 20, 2023 - 12:15 a.m.
CVE-2023-3300
2023-07-2000:15:00
Debian Security Bug Tracker
security-tracker.debian.org
4
cve-2023-3300
hashicorp nomad
nomad enterprise
http search api
csi plugins
unauthenticated users
plugin:read policy
fixed version
unix
0.001 Low
EPSS
Percentile
23.5%
HashiCorp Nomad and Nomad Enterprise 0.11.0 up to 1.5.6 and 1.4.1 HTTP search API can reveal names of available CSI plugins to unauthenticated users or users without the plugin:read policy. Fixed in 1.6.0, 1.5.7, and 1.4.1.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 11 | all | nomad | <= 0.12.10+dfsg1-3 | nomad_0.12.10+dfsg1-3_all.deb |
Related
osv
osv
CSI plugin names disclosure in github.com/hashicorp/nomad
2024-04-04 18:42:42
Nomad Search API Leaks Information About CSI Plugins
2023-07-20 00:30:25
CVE-2023-3300
2023-07-20 00:15:10
veracode
veracode
Improper Authorization
2024-04-08 06:08:58
github
github
Nomad Search API Leaks Information About CSI Plugins
2023-07-20 00:30:25
ubuntucve
ubuntucve
CVE-2023-3300
2023-07-20 00:00:00
cvelist
cvelist
CVE-2023-3300 Nomad Search API Leaks Information About CSI Plugins
2023-07-19 23:35:26
cve
cve
CVE-2023-3300
2023-07-20 00:15:10
nvd
nvd
CVE-2023-3300
2023-07-20 00:15:10
prion
prion
Denial of service
2023-07-20 00:15:00