Lucene search
K

6 matches found

OSV
OSV
added 2025/06/11 1:24 p.m.6 views

CVE-2025-4922 Nomad Vulnerable To Incorrect ACL Policy Lookup Attached To A Job

Nomad Community and Nomad Enterprise “Nomad” prefix-based ACL policy lookup can lead to incorrect rule application and shadowing. This vulnerability, identified as CVE-2025-4922, is fixed in Nomad Community Edition 1.10.2 and Nomad Enterprise 1.10.2, 1.9.10, and 1.8.14...

8.1CVSS6.6AI score0.00484EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/06/11 12:0 a.m.4 views

PT-2025-25213

Name of the Vulnerable Software and Affected Versions Hashicorp Nomad versions prior to 1.10.2 Hashicorp Nomad versions prior to 1.9.10 Hashicorp Nomad versions prior to 1.8.14 Description The issue is related to prefix-based ACL policy lookup in Nomad Community and Nomad Enterprise, which can le...

8.5CVSS6.8AI score0.00484EPSS
Exploits0References17
OSV
OSV
added 2025/03/10 6:2 p.m.7 views

CVE-2025-1296 Nomad Exposes Sensitive Workload Identity and Client Secret Token in Audit Logs

Nomad Community and Nomad Enterprise “Nomad” are vulnerable to unintentional exposure of the workload identity token and client secret token in audit logs. This vulnerability, identified as CVE-2025-1296, is fixed in Nomad Community Edition 1.9.7 and Nomad Enterprise 1.9.7, 1.8.11, and 1.7.19...

6.5CVSS6.6AI score0.00449EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2024/12/20 3:30 a.m.15 views

Hashicorp Nomad Incorrect Privilege Assignment vulnerability

Nomad Community and Nomad Enterprise "Nomad" allocations are vulnerable to privilege escalation within a namespace through unredacted workload identity tokens. This vulnerability, identified as CVE-2024-12678, is fixed in Nomad Community Edition 1.9.4 and Nomad Enterprise 1.9.4, 1.8.8, and 1.7.16...

6.5CVSS7AI score0.0053EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2024/12/20 1:49 a.m.75 views

CVE-2024-12678

Nomad CVE-2024-12678 affects Nomad Community Edition and Nomad Enterprise allocations, where privilege escalation within a namespace can occur via unredacted workload identity tokens. Affected versions: Nomad Community Edition 1.9.4 and Nomad Enterprise 1.9.4, 1.8.8, and 1.7.16. Root cause: unred...

6.5CVSS6.6AI score0.0053EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/12/19 12:0 a.m.6 views

PT-2024-17712 · Hashicorp +2 · Hashicorp Nomad +2

Name of the Vulnerable Software and Affected Versions: Hashicorp Nomad versions prior to 1.9.4 Hashicorp Nomad versions prior to 1.8.8 Hashicorp Nomad versions prior to 1.7.16 Description: The issue is related to privilege escalation within a namespace through unredacted workload identity tokens...

9.9CVSS6.3AI score0.75197EPSS
Exploits5References67
Rows per page
Query Builder