EPSS
Percentile
22.7%
github.com/hashicorp/nomad is vulnerable to information disclosure. The vulnerability is due to the library continuing to transmit updates to event stream subscribers using an ACL token when the TTL expiry time has lapsed.
discuss.hashicorp.com/t/hcsec-2022-26-nomad-s-event-stream-subscriber-using-acl-token-with-ttl-receive-updates-until-garbage-collected/46168
github.com/hashicorp/nomad/commit/a2d076e639803cedf9af28a954c7e09e090607af
github.com/hashicorp/nomad/issues/15013
github.com/hashicorp/nomad/pull/14976