Lucene search
K

67 matches found

OSV
OSV
added 2024/05/15 5:9 p.m.21 views

GHSA-V554-XWGW-HC3W source-controller leaks Azure Storage SAS token into logs

Impact When source-controller is configured to use an Azure SAS token when connecting to Azure Blob Storage, the token was logged along with the Azure URL when the controller encountered a connection error. An attacker with access to the source-controller logs could use the token to gain access t...

5.1CVSS5.1AI score0.00213EPSS
Exploits0References5
NVD
NVD
added 2024/05/15 4:15 p.m.38 views

CVE-2024-31216

The source-controller is a Kubernetes operator, specialised in artifacts acquisition from external sources such as Git, OCI, Helm repositories and S3-compatible buckets. The source-controller implements the source.toolkit.fluxcd.io API and is a core component of the GitOps toolkit. Prior to versi...

5.1CVSS5.2AI score0.00213EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/05/15 3:52 p.m.15 views

CVE-2024-31216 source-controller leaks theAzure Storage SAS token into logs on connection errors

The source-controller is a Kubernetes operator, specialised in artifacts acquisition from external sources such as Git, OCI, Helm repositories and S3-compatible buckets. The source-controller implements the source.toolkit.fluxcd.io API and is a core component of the GitOps toolkit. Prior to versi...

5.1CVSS5.2AI score0.00213EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/05/15 3:52 p.m.38 views

CVE-2024-31216 source-controller leaks theAzure Storage SAS token into logs on connection errors

The source-controller is a Kubernetes operator, specialised in artifacts acquisition from external sources such as Git, OCI, Helm repositories and S3-compatible buckets. The source-controller implements the source.toolkit.fluxcd.io API and is a core component of the GitOps toolkit. Prior to versi...

5.1CVSS5.5AI score0.00213EPSS
Exploits0References3
Veracode
Veracode
added 2023/03/15 3:49 a.m.30 views

Privilege Escalation

github.com/hashicorp/nomad is vulnerable to Privilege Escalation. A remote attacker with the submit-job ACL permission is able to escalate to management-level privileges using the workload identity and task API by submitting a job without ACL policies...

8.8CVSS8.3AI score0.00532EPSS
Exploits0References3Affected Software2
OSV
OSV
added 2023/03/14 3:30 p.m.30 views

GHSA-RQM8-Q8J9-662F Nomad Job Submitter Privilege Escalation Using Workload Identity

Summary A vulnerability was identified in Nomad and Nomad Enterprise “Nomad” such that a user with the submit-job ACL capability can submit a job that can escalate to management-level privileges. This vulnerability, CVE-2023-1299, was introduced in Nomad 1.5.0 and fixed in Nomad 1.5.1. Background...

8.8CVSS8AI score0.00532EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2023/03/14 3:30 p.m.38 views

Nomad Job Submitter Privilege Escalation Using Workload Identity

Summary A vulnerability was identified in Nomad and Nomad Enterprise “Nomad” such that a user with the submit-job ACL capability can submit a job that can escalate to management-level privileges. This vulnerability, CVE-2023-1299, was introduced in Nomad 1.5.0 and fixed in Nomad 1.5.1. Background...

8.8CVSS8.3AI score0.00532EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2023/03/14 3:15 p.m.12 views

CVE-2023-1299

HashiCorp Nomad and Nomad Enterprise 1.5.0 allow a job submitter to escalate to management-level privileges using workload identity and task API. Fixed in 1.5.1...

8.8CVSS8.2AI score0.00532EPSS
Exploits0References1
OSV
OSV
added 2023/03/14 3:15 p.m.3 views

UBUNTU-CVE-2023-1299

HashiCorp Nomad and Nomad Enterprise 1.5.0 allow a job submitter to escalate to management-level privileges using workload identity and task API. Fixed in 1.5.1...

8.8CVSS7.3AI score0.00532EPSS
Exploits0References3
Prion
Prion
added 2023/03/14 3:15 p.m.20 views

Denial of service

HashiCorp Nomad and Nomad Enterprise 1.5.0 allow a job submitter to escalate to management-level privileges using workload identity and task API. Fixed in 1.5.1...

6.5CVSS8.7AI score0.00532EPSS
Exploits0References1Affected Software1
UbuntuCve
UbuntuCve
added 2023/03/14 3:15 p.m.25 views

CVE-2023-1299

HashiCorp Nomad and Nomad Enterprise 1.5.0 allow a job submitter to escalate to management-level privileges using workload identity and task API. Fixed in 1.5.1...

8.8CVSS7.2AI score0.00532EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2023/03/14 2:46 p.m.48 views

CVE-2023-1299

HashiCorp Nomad and Nomad Enterprise 1.5.0 allow a job submitter to escalate to management-level privileges using workload identity and task API. Fixed in 1.5.1...

8.8CVSS8.1AI score0.00532EPSS
Exploits0
OSV
OSV
added 2023/03/14 2:46 p.m.21 views

CVE-2023-1299 Nomad Job Submitter Privilege Escalation Using Workload Identity

HashiCorp Nomad and Nomad Enterprise 1.5.0 allow a job submitter to escalate to management-level privileges using workload identity and task API. Fixed in 1.5.1...

7.4CVSS9AI score0.00532EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2023/03/14 2:46 p.m.25 views

CVE-2023-1299

Removed by vendor...

8.8CVSS8.7AI score0.00532EPSS
Exploits0
Cvelist
Cvelist
added 2023/03/14 2:46 p.m.21 views

CVE-2023-1299 Nomad Job Submitter Privilege Escalation Using Workload Identity

HashiCorp Nomad and Nomad Enterprise 1.5.0 allow a job submitter to escalate to management-level privileges using workload identity and task API. Fixed in 1.5.1...

7.4CVSS9AI score0.00532EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/03/14 2:46 p.m.11 views

CVE-2023-1299 Nomad Job Submitter Privilege Escalation Using Workload Identity

HashiCorp Nomad and Nomad Enterprise 1.5.0 allow a job submitter to escalate to management-level privileges using workload identity and task API. Fixed in 1.5.1...

7.4CVSS8.8AI score0.00532EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/03/14 12:0 a.m.9 views

HashiCorp Nomad 安全漏洞

HashiCorp Nomad is a simple and flexible scheduler and orchestrator from HashiCorp USA. It is used to manage containerized and non-containerized applications at scale, both locally and in the cloud. A security vulnerability exists in HashiCorp Nomad , Nomad Enterprise versions 1.4.0 through 1.5.0...

8.8CVSS7.9AI score0.00532EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/03/14 12:0 a.m.4 views

PT-2023-16871 · Hashicorp · Hashicorp Nomad +1

Name of the Vulnerable Software and Affected Versions: HashiCorp Nomad and Nomad Enterprise version 1.5.0 Description: A job submitter can escalate to management-level privileges using workload identity and task API. This issue was introduced due to the exposure of the workload identity token to...

8.8CVSS9.6AI score0.00532EPSS
Exploits0References12
Prion
Prion
added 2022/11/10 6:15 a.m.14 views

Denial of service

HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 workload identity token can list non-sensitive metadata for paths under nomad/ that belong to other jobs in the same namespace. Fixed in 1.4.2...

4CVSS4.6AI score0.00508EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2022/11/10 6:15 a.m.3 views

UBUNTU-CVE-2022-3866

HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 workload identity token can list non-sensitive metadata for paths under nomad/ that belong to other jobs in the same namespace. Fixed in 1.4.2...

5CVSS5.7AI score0.00508EPSS
Exploits0References3
Rows per page
Query Builder