0.001 Low
EPSS
Percentile
42.9%
HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0, with the QEMU task driver enabled, allowed authenticated users with job submission capabilities to bypass the configured allowed image paths. Fixed in 1.0.14, 1.1.8, and 1.2.1.
discuss.hashicorp.com/t/hcsec-2021-31-nomad-qemu-task-driver-allowed-paths-bypass-with-job-args/32288
github.com/hashicorp/nomad
nvd.nist.gov/vuln/detail/CVE-2021-43415
www.hashicorp.com/blog/category/nomad