Medium severity6.5NVD Advisory· Published Nov 24, 2020· Updated Jun 17, 2026
CVE-2020-28348
CVE-2020-28348
Description
HashiCorp Nomad and Nomad Enterprise 0.9.0 up to 0.12.7 client Docker file sandbox feature may be subverted when not explicitly disabled or when using a volume mount type. Fixed in 0.12.8, 0.11.7, and 0.10.8.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/hashicorp/nomadGo | >= 0.9.0, < 0.10.8 | 0.10.8 |
github.com/hashicorp/nomadGo | >= 0.11.0-beta1, < 0.11.7 | 0.11.7 |
github.com/hashicorp/nomadGo | >= 0.12.0-beta1, < 0.12.8 | 0.12.8 |
Affected products
2- HashiCorp/Nomad and Nomad Enterprisedescription
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-5x92-p4p5-33c4ghsaADVISORY
- github.com/hashicorp/nomad/blob/master/CHANGELOG.mdnvdRelease NotesThird Party AdvisoryWEB
- github.com/hashicorp/nomad/issues/9303nvdIssue TrackingThird Party AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2020-28348ghsaADVISORY
- discuss.hashicorp.com/t/nomad-0-12-8-0-11-7-and-0-10-8-released/17491ghsaWEB
- github.com/hashicorp/nomad/pull/9321ghsaWEB
News mentions
0No linked articles in our index yet.