Lucene search

Ubuntu.comUB:CVE-2022-3867

HistoryNov 10, 2022 - 12:00 a.m.

CVE-2022-3867

2022-11-1000:00:00

ubuntu.com

hashicorp nomad

nomad enterprise

event stream

subscribers

token vulnerability

unix

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

22.7%

JSON

HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 event stream
subscribers using a token with TTL receive updates until token garbage is
collected. Fixed in 1.4.2.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchnomad< anyUNKNOWN
ubuntu20.04noarchnomad< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	nomad	< any	UNKNOWN
ubuntu	20.04	noarch	nomad	< any	UNKNOWN

References

discuss.hashicorp.com/t/hcsec-2022-26-nomad-s-event-stream-subscriber-using-acl-token-with-ttl-receive-updates-until-garbage-collected/46168

launchpad.net/bugs/cve/CVE-2022-3867

nvd.nist.gov/vuln/detail/CVE-2022-3867

security-tracker.debian.org/tracker/CVE-2022-3867

www.cve.org/CVERecord?id=CVE-2022-3867

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS

0.001

Percentile

22.7%

JSON

Related for UB:CVE-2022-3867