Lucene search
GoogleOSV:GHSA-F8R8-H93M-MJ77HistoryApr 05, 2023 - 9:30 p.m.
HashiCorp Nomad vulnerable to unauthenticated client agent HTTP request privilege escalation
2023-04-0521:30:24
Google
osv.dev
7
0.001 Low
EPSS
Percentile
49.9%
HashiCorp Nomad and Nomad Enterprise versions 1.5.0 up to 1.5.2 allow unauthenticated users to bypass intended ACL authorizations for clusters where mTLS is not enabled. This issue is fixed in version 1.5.3.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/hashicorp/nomad | ge | 1.5.0 | |
| github.com/hashicorp/nomad | lt | 1.5.3 |
Related
alpinelinux
alpinelinux
CVE-2023-1782
2023-04-05 20:15:07
debiancve
debiancve
CVE-2023-1782
2023-04-05 20:15:00
veracode
veracode
Privilege Escalation
2023-04-11 09:34:44
cve
cve
CVE-2023-1782
2023-04-05 20:15:07
osv
osv
CVE-2023-1782
2023-04-05 20:15:07
prion
prion
Design/Logic Flaw
2023-04-05 20:15:00
github
github
ubuntucve
ubuntucve
CVE-2023-1782
2023-04-05 00:00:00
cvelist
cvelist
Nomad Unauthenticated Client Agent HTTP Request Privilege Escalation
2023-04-05 19:10:52