0.001 Low
EPSS
Percentile
42.9%
HashiCorp Nomad and Nomad Enterprise with the QEMU task driver enabled is vulnerable to bypass restriction. It allows authenticated users with job submission capabilities to bypass the configured allowed image paths.
discuss.hashicorp.com/t/hcsec-2021-31-nomad-qemu-task-driver-allowed-paths-bypass-with-job-args/32288
secdb.alpinelinux.org/edge/community.yaml
www.hashicorp.com/blog/category/nomad