Lucene search

Ubuntu.comUB:CVE-2023-3072

HistoryJul 20, 2023 - 12:00 a.m.

CVE-2023-3072

2023-07-2000:00:00

ubuntu.com

cve-2023-3072

hashicorp nomad

nomad enterprise

acl policies

label

unexpected results

fixed version

unix

4.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L

0.0005 Low

EPSS

Percentile

18.1%

JSON

HashiCorp Nomad and Nomad Enterprise 0.7.0 up to 1.5.6 and 1.4.10 ACL
policies using a block without a label generates unexpected results. Fixed
in 1.6.0, 1.5.7, and 1.4.11.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchnomad< anyUNKNOWN
ubuntu20.04noarchnomad< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	nomad	< any	UNKNOWN
ubuntu	20.04	noarch	nomad	< any	UNKNOWN

References

discuss.hashicorp.com/t/hcsec-2023-20-nomad-acl-policies-without-label-are-applied-to-unexpected-resources/56270

launchpad.net/bugs/cve/CVE-2023-3072

nvd.nist.gov/vuln/detail/CVE-2023-3072

security-tracker.debian.org/tracker/CVE-2023-3072

www.cve.org/CVERecord?id=CVE-2023-3072

4.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L

0.0005 Low

EPSS

Percentile

18.1%

JSON

Related for UB:CVE-2023-3072