9 matches found

Tenable Nessus
added 2025/09/10 12:0 a.m. · 1 view

Linux Distros Unpatched Vulnerability : CVE-2022-3867

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 event stream subscribers using a token with TTL receive updates until token garbage is collected. Fixed i...

CVSS 4.3 · AI score 5 · EPSS 0.00177
Exploits 0 · References 2

Tenable Nessus
added 2025/09/10 12:0 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2022-24685

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HashiCorp Nomad and Nomad Enterprise 1.0.17, 1.1.11, and 1.2.5 allow invalid HCL for the jobs parse endpoint, which may cause excessive CPU usage. Fixed in...

CVSS 7.5 · AI score 7.2 · EPSS 0.00834
Exploits 0 · References 2

Tenable Nessus
added 2025/09/10 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2019-12618

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HashiCorp Nomad 0.9.0 through 0.9.1 has Incorrect Access Control via the exec driver. CVE-2019-12618 Note that Nessus relies on the presence of the package as...

CVSS 10 · AI score 8.2 · EPSS 0.00734
Exploits 0 · References 2

Tenable Nessus
added 2025/09/04 12:0 a.m. · 1 view

Linux Distros Unpatched Vulnerability : CVE-2021-41865

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HashiCorp Nomad and Nomad Enterprise 1.1.1 through 1.1.5 allowed authenticated users with job submission capabilities to cause denial of service by submitting...

CVSS 6.5 · AI score 6.4 · EPSS 0.00462
Exploits 0 · References 2

RedhatCVE
added 2025/03/13 3:56 a.m. · 8 views

CVE-2025-1296

Nomad Community and Nomad Enterprise “Nomad” are vulnerable to unintentional exposure of the workload identity token and client secret token in audit logs. This vulnerability, identified as CVE-2025-1296, is fixed in Nomad Community Edition 1.9.7 and Nomad Enterprise 1.9.7, 1.8.11, and 1.7.19...

CVSS 6.5 · AI score 6.6 · EPSS 0.00187
Exploits 0 · References 1

Github Security Blog
added 2024/07/23 3:30 a.m. · 2 views

HashiCorp Nomad is vulnerable to path escape through archive unpacking during migration

HashiCorp Nomad and Nomad Enterprise 1.6.12 up to 1.7.9, and 1.8.1 archive unpacking during migration is vulnerable to path escaping of the allocation directory. This vulnerability, CVE-2024-6717, is fixed in Nomad 1.6.13, 1.7.10, and 1.8.2...

CVSS 8.6 · AI score 5.2 · EPSS 0.00289
Exploits 0 · References 5 · Affected Software 1

Positive Technologies
added 2022/11/10 12:0 a.m. · 4 views

PT-2022-24518 · Hashicorp · Nomad Enterprise +1

Name of the Vulnerable Software and Affected Versions: HashiCorp Nomad and Nomad Enterprise versions 1.4.0 through 1.4.1 Description: The issue affects event stream subscribers using a token with TTL, allowing them to receive updates until token garbage is collected. Recommendations: For versions...

CVSS 4.3 · AI score 7.2 · EPSS 0.00177
Exploits 0 · References 14

Positive Technologies
added 2021/12/03 12:0 a.m. · 3 views

PT-2021-23842 · Hashicorp · Nomad Enterprise +1

Name of the Vulnerable Software and Affected Versions: HashiCorp Nomad and Nomad Enterprise versions 1.0.13 and earlier, 1.1.7 and earlier, 1.2.0 and earlier Description: The issue allowed authenticated users with job submission capabilities to bypass the configured allowed image paths when the...

CVSS 8.8 · AI score 6.9 · EPSS 0.00649
Exploits 0 · References 12

Positive Technologies
added 2020/11/24 12:0 a.m. · 3 views

PT-2020-16990 · Hashicorp +1 · Nomad +2

Name of the Vulnerable Software and Affected Versions: HashiCorp Nomad and Nomad Enterprise versions 0.9.0 through 0.12.7 Description: The client Docker file sandbox feature in HashiCorp Nomad and Nomad Enterprise may be subverted when not explicitly disabled or when using a volume mount type. Th...

CVSS 6.5 · AI score 7.2 · EPSS 0.00441
Exploits 0 · References 12