67 matches found
GHSA-V554-XWGW-HC3W source-controller leaks Azure Storage SAS token into logs
Impact When source-controller is configured to use an Azure SAS token when connecting to Azure Blob Storage, the token was logged along with the Azure URL when the controller encountered a connection error. An attacker with access to the source-controller logs could use the token to gain access t...
CVE-2024-31216
The source-controller is a Kubernetes operator, specialised in artifacts acquisition from external sources such as Git, OCI, Helm repositories and S3-compatible buckets. The source-controller implements the source.toolkit.fluxcd.io API and is a core component of the GitOps toolkit. Prior to versi...
CVE-2024-31216 source-controller leaks theAzure Storage SAS token into logs on connection errors
The source-controller is a Kubernetes operator, specialised in artifacts acquisition from external sources such as Git, OCI, Helm repositories and S3-compatible buckets. The source-controller implements the source.toolkit.fluxcd.io API and is a core component of the GitOps toolkit. Prior to versi...
CVE-2024-31216 source-controller leaks theAzure Storage SAS token into logs on connection errors
The source-controller is a Kubernetes operator, specialised in artifacts acquisition from external sources such as Git, OCI, Helm repositories and S3-compatible buckets. The source-controller implements the source.toolkit.fluxcd.io API and is a core component of the GitOps toolkit. Prior to versi...
Privilege Escalation
github.com/hashicorp/nomad is vulnerable to Privilege Escalation. A remote attacker with the submit-job ACL permission is able to escalate to management-level privileges using the workload identity and task API by submitting a job without ACL policies...
GHSA-RQM8-Q8J9-662F Nomad Job Submitter Privilege Escalation Using Workload Identity
Summary A vulnerability was identified in Nomad and Nomad Enterprise “Nomad” such that a user with the submit-job ACL capability can submit a job that can escalate to management-level privileges. This vulnerability, CVE-2023-1299, was introduced in Nomad 1.5.0 and fixed in Nomad 1.5.1. Background...
Nomad Job Submitter Privilege Escalation Using Workload Identity
Summary A vulnerability was identified in Nomad and Nomad Enterprise “Nomad” such that a user with the submit-job ACL capability can submit a job that can escalate to management-level privileges. This vulnerability, CVE-2023-1299, was introduced in Nomad 1.5.0 and fixed in Nomad 1.5.1. Background...
CVE-2023-1299
HashiCorp Nomad and Nomad Enterprise 1.5.0 allow a job submitter to escalate to management-level privileges using workload identity and task API. Fixed in 1.5.1...
UBUNTU-CVE-2023-1299
HashiCorp Nomad and Nomad Enterprise 1.5.0 allow a job submitter to escalate to management-level privileges using workload identity and task API. Fixed in 1.5.1...
Denial of service
HashiCorp Nomad and Nomad Enterprise 1.5.0 allow a job submitter to escalate to management-level privileges using workload identity and task API. Fixed in 1.5.1...
CVE-2023-1299
HashiCorp Nomad and Nomad Enterprise 1.5.0 allow a job submitter to escalate to management-level privileges using workload identity and task API. Fixed in 1.5.1...
CVE-2023-1299
HashiCorp Nomad and Nomad Enterprise 1.5.0 allow a job submitter to escalate to management-level privileges using workload identity and task API. Fixed in 1.5.1...
CVE-2023-1299 Nomad Job Submitter Privilege Escalation Using Workload Identity
HashiCorp Nomad and Nomad Enterprise 1.5.0 allow a job submitter to escalate to management-level privileges using workload identity and task API. Fixed in 1.5.1...
CVE-2023-1299
Removed by vendor...
CVE-2023-1299 Nomad Job Submitter Privilege Escalation Using Workload Identity
HashiCorp Nomad and Nomad Enterprise 1.5.0 allow a job submitter to escalate to management-level privileges using workload identity and task API. Fixed in 1.5.1...
CVE-2023-1299 Nomad Job Submitter Privilege Escalation Using Workload Identity
HashiCorp Nomad and Nomad Enterprise 1.5.0 allow a job submitter to escalate to management-level privileges using workload identity and task API. Fixed in 1.5.1...
HashiCorp Nomad 安全漏洞
HashiCorp Nomad is a simple and flexible scheduler and orchestrator from HashiCorp USA. It is used to manage containerized and non-containerized applications at scale, both locally and in the cloud. A security vulnerability exists in HashiCorp Nomad , Nomad Enterprise versions 1.4.0 through 1.5.0...
PT-2023-16871 · Hashicorp · Hashicorp Nomad +1
Name of the Vulnerable Software and Affected Versions: HashiCorp Nomad and Nomad Enterprise version 1.5.0 Description: A job submitter can escalate to management-level privileges using workload identity and task API. This issue was introduced due to the exposure of the workload identity token to...
Denial of service
HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 workload identity token can list non-sensitive metadata for paths under nomad/ that belong to other jobs in the same namespace. Fixed in 1.4.2...
UBUNTU-CVE-2022-3866
HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 workload identity token can list non-sensitive metadata for paths under nomad/ that belong to other jobs in the same namespace. Fixed in 1.4.2...