882 matches found
CVE-2025-1296 Nomad Exposes Sensitive Workload Identity and Client Secret Token in Audit Logs
Nomad Community and Nomad Enterprise ("Nomad") are vulnerable to unintentional exposure of the workload identity token and client secret token in audit logs. This vulnerability, identified as CVE-2025-1296, is fixed in Nomad Community Edition 1.9.7 and Nomad Enterprise 1.9.7, 1.8.11, and 1.7.19...
HashiCorp Nomad Enterprise Log Information Disclosure Vulnerability
HashiCorp Nomad Enterprise is a professional version of Nomad software from HashiCorp, Inc. A log information disclosure vulnerability exists in HashiCorp Nomad Enterprise that stems from unintentional exposure of workload identity tokens and client key tokens in audit logs...
DEBIAN-CVE-2024-58057
In the Linux kernel, the following vulnerability has been resolved: idpf: convert workqueues to unbound. When a workqueue is created with WQ_UNBOUND, its work items are served by special worker-pools, whose host workers are not bound to any specific CPU. In the default configuration i.e. when...
SUSE CVE-2025-21733
In the Linux kernel, the following vulnerability has been resolved: tracing/osnoise: Fix resetting of tracepoints. If a timerlat tracer is started with the osnoise option OSNOISE_WORKLOAD disabled, but then that option is enabled and timerlat is removed, the tracepoints that were enabled on timerla...
CVE-2025-21733
In the Linux kernel, the following vulnerability has been resolved: tracing/osnoise: Fix resetting of tracepoints. If a timerlat tracer is started with the osnoise option OSNOISE_WORKLOAD disabled, but then that option is enabled and timerlat is removed, the tracepoints that were enabled on timerla...
Security Bulletin: Multiple Vulnerabilities in containers of IBM Workload Scheduler component of IBM Workload Automation
Summary: Multiple vulnerabilities that impact containers only were addressed in the IBM Workload Scheduler component of IBM Workload Automation 10.1.0.5 and 10.2.3. Vulnerability Details: CVEID: CVE-2022-48564 DESCRIPTION: Python is vulnerable to a denial of service, caused by a flaw in the read_ints...
CVE-2022-22486
IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 226328...
CVE-2022-39388
Istio is an open platform to connect, manage, and secure microservices. In versions on the 1.15.x branch prior to 1.15.3, a user can impersonate any workload identity within the service mesh if they have localhost access to the Istiod control plane. Version 1.15.3 contains a patch for this issue...
Security Bulletin: vulnerability in Netty affects IBM Workload Scheduler.
Summary IBM Workload Scheduler is affected by a vulnerability in Netty that can cause denial of service CVE-2024-29025 Vulnerability Details CVEID:CVE-2024-29025 DESCRIPTION: Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance...
Cilium Security Vulnerability
Cilium is an open source software from Cilium Open Source. It is used to provide and transparently secure network connectivity and load balancing between application workloads such as application containers or processes. Cilium has a security vulnerability. An attacker exploiting this vulnerabili...
Security Bulletin: vulnerability in Apache Commons HttpClient affects IBM Workload Automation.
Summary IBM Workload Automation is affected by a vulnerability in Apache Commons HttpClient that can cause Authorization Bypass CVE-2012-5783 Vulnerability Details CVEID:CVE-2012-5783 DESCRIPTION: Apache Commons HttpClient, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and oth...
Security Bulletin: Due to use of WebSphere Application Server traditional, IBM Workload Automation is vulnerable to a server-side request forgery (SSRF) vulnerability
Summary WebSphere Application Server traditional is used by IBM Workload Automation CVE-2024-22329 Vulnerability Details CVEID:CVE-2024-22329 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 are vulnerable to server-side...
Security Bulletin: Due to use of IBM WebSphere Application Server, IBM Workload Automation is vulnerable to a server-side forgery attack
Summary IBM WebSphere Application Server is used by IBM Workload Automation CVE-2024-22354 Vulnerability Details CVEID:CVE-2024-22354 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.5 are vulnerable to an XML External...
Security Bulletin: Due to use of IBM WebSphere Application Server, IBM Workload Automation is vulnerable to a denial of service
Summary IBM WebSphere Application Server is used by IBM Workload Automation CVE-2024-25026 Vulnerability Details CVEID:CVE-2024-25026 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 are vulnerable to a denial of service...
Security Bulletin: vulnerability in OpenSSL affects IBM Workload Automation.
Summary IBM Workload Automation has vulnerability in OpenSSL CVE-2024-4603 Vulnerability Details CVEID:CVE-2024-4603 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by improper input validation by the EVP_PKEY_param_check or EVP_PKEY_public_check function. By parsing a specially craft...
Security Bulletin: vulnerability in libcURL affects IBM Workload Automation.
Summary IBM Workload Automation has vulnerability in libcURL CVE-2024-7264 Vulnerability Details CVEID:CVE-2024-7264 DESCRIPTION: cURL libcurl could allow a local attacker to obtain sensitive information, caused by an out-of-bounds read flaw in the GTime2str function. By sending a specially...
Privilege Escalation
github.com/hashicorp/nomad is vulnerable to Privilege Escalation. The vulnerability is due to unredacted workload identity tokens that allow unauthorized privilege escalation within a namespace...
SUSE CVE-2024-12678
Nomad Community and Nomad Enterprise ("Nomad") allocations are vulnerable to privilege escalation within a namespace through unredacted workload identity tokens. This vulnerability, identified as CVE-2024-12678, is fixed in Nomad Community Edition 1.9.4 and Nomad Enterprise 1.9.4, 1.8.8, and 1.7.16...
CVE-2024-12678
A flaw was found in hashicorp/nomad. Affected versions of this package are vulnerable to privilege escalation within a namespace through unredacted workload identity tokens...
GHSA-HR68-HVGV-XXQF Hashicorp Nomad Incorrect Privilege Assignment vulnerability
Nomad Community and Nomad Enterprise ("Nomad") allocations are vulnerable to privilege escalation within a namespace through unredacted workload identity tokens. This vulnerability, identified as CVE-2024-12678, is fixed in Nomad Community Edition 1.9.4 and Nomad Enterprise 1.9.4, 1.8.8, and 1.7.16...