4 matches found
UBUNTU-CVE-2022-3866
HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 workload identity token can list non-sensitive metadata for paths under nomad/ that belong to other jobs in the same namespace. Fixed in 1.4.2...
HashiCorp Nomad 安全漏洞
HashiCorp Nomad is a simple and flexible scheduler and orchestrator from HashiCorp USA. for managing containerized and non-containerized applications at scale, both locally and in the cloud. A security vulnerability exists in HashiCorp Nomad and Nomad Enterprise versions 1.4.0 through 1.4.1, whic...
PT-2022-24509 · Hashicorp · Nomad Enterprise +1
Name of the Vulnerable Software and Affected Versions: HashiCorp Nomad and Nomad Enterprise versions 1.4.0 through 1.4.1 Description: The issue allows a workload identity token to list non-sensitive metadata for paths under nomad/ that belong to other jobs in the same namespace. Recommendations:...
The vulnerability of Containerd’s execution environment, related to the lack of privilege checks for containers with UID 0 in the same namespace as the shim, allows a attacker to access confidential data and compromise its integrity.
The vulnerability of Containerd’s execution environment is related to the lack of privilege checks for containers with UID 0 in the same namespace as the shim. Exploiting this vulnerability allows an attacker to access confidential data and compromise its integrity...