OSV:GO-2024-2670 (osv, Google)
Apr 04, 2024 - 6:42 p.m.

ACL security vulnerability in github.com/hashicorp/nomad

2024-04-04 18:42:48
Google
osv.dev
Tags: acl, security, vulnerability, nomad, scheduler, github, hashicorp, distributed, highly available, unexpected resources, acl policy

CVSS3: 4.1 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L

AI Score: 7.1 High (Confidence: Low)

EPSS: 0.0005 Low (Percentile: 18.1%)

An ACL policy that uses a block without a label can be applied to unexpected resources in Nomad, a distributed, highly available scheduler designed for effortless operations and management of applications.
