HashiCorp Nomad Enterprise 安全漏洞

HashiCorp Nomad Enterprise is a professional version of a Nomad software from HashiCorp USA. A security vulnerability exists in HashiCorp Nomad Enterprise that stems from a policy override option bypassing the forced sentinel policy...

PT-2023-24122 · Hashicorp +1 · Hashicorp Nomad Enterprise +1

Name of the Vulnerable Software and Affected Versions: HashiCorp Nomad Enterprise versions 1.2.11 through 1.5.6 HashiCorp Nomad Enterprise version 1.4.10 Description: A vulnerability exists where the API caller's ACL token secret ID is exposed to Sentinel policies. Additionally, ACL policies usin...

PT-2020-17327 · Hashicorp · Hashicorp Vault Enterprise

Name of the Vulnerable Software and Affected Versions: HashiCorp Vault Enterprise versions prior to 1.5.6 HashiCorp Vault Enterprise versions prior to 1.6.1 Description: The issue concerns HashiCorp Vault Enterprise's Sentinel EGP policy feature, which incorrectly allowed requests to be processed...

CVE-2019-19879

HashiCorp Sentinel up to 0.10.1 incorrectly parsed negation in certain policy expressions. Fixed in 0.10.2...