7 matches found
CVE-2022-3866
HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 workload identity token can list non-sensitive metadata for paths under nomad/ that belong to other jobs in the same namespace. Fixed in 1.4.2...
CVE-2022-3866
HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 workload identity token can list non-sensitive metadata for paths under nomad/ that belong to other jobs in the same namespace. Fixed in 1.4.2...
UBUNTU-CVE-2022-3866
HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 workload identity token can list non-sensitive metadata for paths under nomad/ that belong to other jobs in the same namespace. Fixed in 1.4.2...
CVE-2022-3866 Nomad Workload Identity Token Can List Non-sensitive Metadata for Paths Under nomad/
HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 workload identity token can list non-sensitive metadata for paths under nomad/ that belong to other jobs in the same namespace. Fixed in 1.4.2...
CVE-2022-3866 Nomad Workload Identity Token Can List Non-sensitive Metadata for Paths Under nomad/
HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 workload identity token can list non-sensitive metadata for paths under nomad/ that belong to other jobs in the same namespace. Fixed in 1.4.2...
CVE-2022-3866
CVE-2022-3866 affects HashiCorp Nomad and Nomad Enterprise versions 1.4.0 through 1.4.1, where the workload identity token could list non-sensitive metadata for paths under the nomad/ namespace that belong to other jobs in the same namespace. The issue is fixed in version 1.4.2. The documented im...
Nomad’s Workload Identity Token Can List Non-sensitive Metadata For nomad/ Paths
Summary A vulnerability was identified in Nomad and Nomad Enterprise “Nomad” such that a workload identity token can list non-sensitive metadata for paths under nomad/ that belong to other jobs in the same namespace.This vulnerability, CVE-2022-3866, was fixed in Nomad 1.4.2. Background Nomad’s...