8 matches found
CVE-2023-1782
HashiCorp Nomad and Nomad Enterprise versions 1.5.0 up to 1.5.2 allow unauthenticated users to bypass intended ACL authorizations for clusters where mTLS is not enabled. This issue is fixed in version 1.5.3...
CVE-2023-1782
HashiCorp Nomad and Nomad Enterprise versions 1.5.0 up to 1.5.2 allow unauthenticated users to bypass intended ACL authorizations for clusters where mTLS is not enabled. This issue is fixed in version 1.5.3...
CVE-2023-1782
Removed by vendor...
CVE-2023-1782
CVE-2023-1782 affects HashiCorp Nomad and Nomad Enterprise versions 1.5.0 through 1.5.2, where unauthenticated users can bypass ACL authorizations in clusters that do not use mTLS. Root cause: ACL bypass due to missing/authz checks under non-mTLS configurations. Impact is described as total acces...
CVE-2023-1782 Nomad Unauthenticated Client Agent HTTP Request Privilege Escalation
HashiCorp Nomad and Nomad Enterprise versions 1.5.0 up to 1.5.2 allow unauthenticated users to bypass intended ACL authorizations for clusters where mTLS is not enabled. This issue is fixed in version 1.5.3...
CVE-2023-1782
HashiCorp Nomad and Nomad Enterprise versions 1.5.0 up to 1.5.2 allow unauthenticated users to bypass intended ACL authorizations for clusters where mTLS is not enabled. This issue is fixed in version 1.5.3...
CVE-2023-1782 Nomad Unauthenticated Client Agent HTTP Request Privilege Escalation
HashiCorp Nomad and Nomad Enterprise versions 1.5.0 up to 1.5.2 allow unauthenticated users to bypass intended ACL authorizations for clusters where mTLS is not enabled. This issue is fixed in version 1.5.3...
Nomad Unauthenticated Client Agent HTTP Request Privilege Escalation
Summary A vulnerability was identified in Nomad and Nomad Enterprise “Nomad” such that an unauthenticated request sent to a client agent’s HTTP endpoint bypasses intended ACL authorizations when processed on server through internal RPCs. In doing so, unauthenticated HTTP requests can be used to...