Hashicorp Nomad Access Control Issues

2022-05-2416:53:08

Google

osv.dev

0.005 Low

EPSS

Percentile

76.0%

HashiCorp Nomad 0.9.0 through 0.9.1 has Incorrect Access Control via the exec driver.

CPENameOperatorVersion
github.com/hashicorp/nomadlt0.9.2
github.com/hashicorp/nomadge0.9.0

CPE	Name	Operator	Version
	github.com/hashicorp/nomad	lt	0.9.2
	github.com/hashicorp/nomad	ge	0.9.0

References

github.com/hashicorp/nomad

github.com/hashicorp/nomad/issues/5783

nvd.nist.gov/vuln/detail/CVE-2019-12618

www.hashicorp.com/blog/category/nomad

www.hashicorp.com/blog/hashicorp-nomad-0-9-2

0.005 Low

EPSS

Percentile

76.0%

Related for OSV:GHSA-2W2V-XCR9-MJ4M