13 matches found
Improper Authorization
github.com/hashicorp/nomad is vulnerable to Improper Authorization. The vulnerability is due to a lack of proper access controls in the search HTTP API, allowing unauthenticated users or users without the necessary policy to view the names of available CSI plugins...
GHSA-V5FM-HR72-27HX Nomad Search API Leaks Information About CSI Plugins
A vulnerability was identified in Nomad such that the search HTTP API can reveal names of available CSI plugins to unauthenticated users or users without the plugin:read policy. This vulnerability, CVE-2023-3300, affects Nomad since 0.11 and was fixed in 1.6.0, 1.5.7, and 1.4.11...
Nomad Search API Leaks Information About CSI Plugins
A vulnerability was identified in Nomad such that the search HTTP API can reveal names of available CSI plugins to unauthenticated users or users without the plugin:read policy. This vulnerability, CVE-2023-3300, affects Nomad since 0.11 and was fixed in 1.6.0, 1.5.7, and 1.4.11...
CVE-2023-3300
HashiCorp Nomad and Nomad Enterprise 0.11.0 up to 1.5.6 and 1.4.1 HTTP search API can reveal names of available CSI plugins to unauthenticated users or users without the plugin:read policy. Fixed in 1.6.0, 1.5.7, and 1.4.1...
CVE-2023-3300
HashiCorp Nomad and Nomad Enterprise 0.11.0 up to 1.5.6 and 1.4.1 HTTP search API can reveal names of available CSI plugins to unauthenticated users or users without the plugin:read policy. Fixed in 1.6.0, 1.5.7, and 1.4.1...
UBUNTU-CVE-2023-3300
HashiCorp Nomad and Nomad Enterprise 0.11.0 up to 1.5.6 and 1.4.1 HTTP search API can reveal names of available CSI plugins to unauthenticated users or users without the plugin:read policy. Fixed in 1.6.0, 1.5.7, and 1.4.1...
Denial of service
HashiCorp Nomad and Nomad Enterprise 0.11.0 up to 1.5.6 and 1.4.1 HTTP search API can reveal names of available CSI plugins to unauthenticated users or users without the plugin:read policy. Fixed in 1.6.0, 1.5.7, and 1.4.1...
CVE-2023-3300
HashiCorp Nomad and Nomad Enterprise 0.11.0 up to 1.5.6 and 1.4.1 HTTP search API can reveal names of available CSI plugins to unauthenticated users or users without the plugin:read policy. Fixed in 1.6.0, 1.5.7, and 1.4.1...
CVE-2023-3300 Nomad Search API Leaks Information About CSI Plugins
HashiCorp Nomad and Nomad Enterprise 0.11.0 up to 1.5.6 and 1.4.1 HTTP search API can reveal names of available CSI plugins to unauthenticated users or users without the plugin:read policy. Fixed in 1.6.0, 1.5.7, and 1.4.1...
CVE-2023-3300
HashiCorp Nomad and Nomad Enterprise expose a vulnerability (CVE-2023-3300) where the HTTP search API can reveal names of available CSI plugins to unauthenticated users or those without the plugin:read policy. Affected versions are Nomad/Nomad Enterprise 0.11.0 through 1.5.6 and 1.4.1. The issue ...
CVE-2023-3300
Removed by vendor...
CVE-2023-3300 Nomad Search API Leaks Information About CSI Plugins
HashiCorp Nomad and Nomad Enterprise 0.11.0 up to 1.5.6 and 1.4.1 HTTP search API can reveal names of available CSI plugins to unauthenticated users or users without the plugin:read policy. Fixed in 1.6.0, 1.5.7, and 1.4.1...
PT-2023-24131 · Hashicorp +1 · Hashicorp Nomad +2
Name of the Vulnerable Software and Affected Versions: HashiCorp Nomad and Nomad Enterprise versions 0.11.0 through 1.5.6 HashiCorp Nomad and Nomad Enterprise version 1.4.1 Description: A vulnerability in the HTTP search API can reveal names of available CSI plugins to unauthenticated users or...