6 matches found
CVE-2025-4922 Nomad Vulnerable To Incorrect ACL Policy Lookup Attached To A Job
Nomad Community and Nomad Enterprise “Nomad” prefix-based ACL policy lookup can lead to incorrect rule application and shadowing. This vulnerability, identified as CVE-2025-4922, is fixed in Nomad Community Edition 1.10.2 and Nomad Enterprise 1.10.2, 1.9.10, and 1.8.14...
PT-2025-25213
Name of the Vulnerable Software and Affected Versions Hashicorp Nomad versions prior to 1.10.2 Hashicorp Nomad versions prior to 1.9.10 Hashicorp Nomad versions prior to 1.8.14 Description The issue is related to prefix-based ACL policy lookup in Nomad Community and Nomad Enterprise, which can le...
CVE-2025-1296 Nomad Exposes Sensitive Workload Identity and Client Secret Token in Audit Logs
Nomad Community and Nomad Enterprise “Nomad” are vulnerable to unintentional exposure of the workload identity token and client secret token in audit logs. This vulnerability, identified as CVE-2025-1296, is fixed in Nomad Community Edition 1.9.7 and Nomad Enterprise 1.9.7, 1.8.11, and 1.7.19...
Hashicorp Nomad Incorrect Privilege Assignment vulnerability
Nomad Community and Nomad Enterprise "Nomad" allocations are vulnerable to privilege escalation within a namespace through unredacted workload identity tokens. This vulnerability, identified as CVE-2024-12678, is fixed in Nomad Community Edition 1.9.4 and Nomad Enterprise 1.9.4, 1.8.8, and 1.7.16...
CVE-2024-12678
Nomad CVE-2024-12678 affects Nomad Community Edition and Nomad Enterprise allocations, where privilege escalation within a namespace can occur via unredacted workload identity tokens. Affected versions: Nomad Community Edition 1.9.4 and Nomad Enterprise 1.9.4, 1.8.8, and 1.7.16. Root cause: unred...
PT-2024-17712 · Hashicorp +2 · Hashicorp Nomad +2
Name of the Vulnerable Software and Affected Versions: Hashicorp Nomad versions prior to 1.9.4 Hashicorp Nomad versions prior to 1.8.8 Hashicorp Nomad versions prior to 1.7.16 Description: The issue is related to privilege escalation within a namespace through unredacted workload identity tokens...