12 matches found
EUVD-2021-2424
Malware in sbrugna...
Bypass Restriction
HashiCorp Nomad and Nomad Enterprise with the QEMU task driver enabled is vulnerable to bypass restriction. It allows authenticated users with job submission capabilities to bypass the configured allowed image paths...
CVE-2021-43415
HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0, with the QEMU task driver enabled, allowed authenticated users with job submission capabilities to bypass the configured allowed image paths. Fixed in 1.0.14, 1.1.8, and 1.2.1...
Improper Authentication in HashiCorp Nomad
HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0, with the QEMU task driver enabled, allowed authenticated users with job submission capabilities to bypass the configured allowed image paths. Fixed in 1.0.14, 1.1.8, and 1.2.1...
GHSA-2JHH-5XM2-J4GF Improper Authentication in HashiCorp Nomad
HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0, with the QEMU task driver enabled, allowed authenticated users with job submission capabilities to bypass the configured allowed image paths. Fixed in 1.0.14, 1.1.8, and 1.2.1...
Design/Logic Flaw
HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0, with the QEMU task driver enabled, allowed authenticated users with job submission capabilities to bypass the configured allowed image paths. Fixed in 1.0.14, 1.1.8, and 1.2.1...
CVE-2021-43415
HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0, with the QEMU task driver enabled, allowed authenticated users with job submission capabilities to bypass the configured allowed image paths. Fixed in 1.0.14, 1.1.8, and 1.2.1...
CVE-2021-43415
CVE-2021-43415 affects HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0 when the QEMU task driver is enabled. Authenticated users with job submission capabilities could bypass the configured allowed image paths due to the underlying issue in the QEMU task driver handling. Fixed...
CVE-2021-43415
Removed by vendor...
CVE-2021-43415
HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0, with the QEMU task driver enabled, allowed authenticated users with job submission capabilities to bypass the configured allowed image paths. Fixed in 1.0.14, 1.1.8, and 1.2.1...
PT-2021-23842 · Hashicorp · Nomad Enterprise +1
Name of the Vulnerable Software and Affected Versions: HashiCorp Nomad and Nomad Enterprise versions 1.0.13 and earlier, 1.1.7 and earlier, 1.2.0 and earlier Description: The issue allowed authenticated users with job submission capabilities to bypass the configured allowed image paths when the...
Hashicorp Nomad 安全漏洞
Hashicorp Nomad is a distributed, data center-aware cluster and application scheduler from Hashicorp, USA. The program supports the deployment of microservices, batch, containerized and non-containerized applications. Hashicorp Nomad suffers from a security vulnerability that stems from an error...