Lucene search
K

Nomad's mTLS Authorization Mechanism Susceptible to Privilege Escalation

🗓️ 25 Nov 2020 18:55:29Reported by HashiCorp Security TeamType 
hashicorp
 hashicorp
🔗 discuss.hashicorp.com👁 5 Views

Nomad up to 0.10.2 mis-validated TLS role and region for mTLS RPC, enabling privilege escalation; upgrade to 0.10.3 or newer.

Related
Detection
ReporterTitlePublishedViews
Family
CVE
CVE-2020-7956
31 Jan 202012:43
cve
Cvelist
CVE-2020-7956
31 Jan 202012:43
cvelist
Debian CVE
CVE-2020-7956
31 Jan 202012:43
debiancve
EUVD
EUVD-2021-1046
7 Oct 202500:30
euvd
Github Security Blog
Improper Certificate Validation in HashiCorp Nomad
18 May 202118:20
github
NVD
CVE-2020-7956
31 Jan 202013:15
nvd
OSV
GHSA-CJ2H-WW36-V932 Improper Certificate Validation in HashiCorp Nomad
18 May 202118:20
osv
OSV
GO-2022-0821 Improper Certificate Validation in HashiCorp Nomad in github.com/hashicorp/nomad
21 Aug 202415:29
osv
OSV
UBUNTU-CVE-2020-7956
31 Jan 202013:15
osv
Prion
Privilege escalation
31 Jan 202013:15
prion
Rows per page
Vulners
Node
hashicorpnomadRange<0.10.3
OR
hashicorpnomadRange<0.10.3enterprise

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

25 Nov 2020 18:55Current
7.2High risk
Vulners AI Score7.2
CVSS 27.5
CVSS 3.19.8
EPSS0.00983
5