CVE-2021-37218
Description
HashiCorp Nomad and Nomad Enterprise Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege escalation. Fixed in 1.0.10 and 1.1.4.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Nomad Raft RPC layer allows non-server agents with valid CA-signed certificate to access server-only functionality, enabling privilege escalation.
Vulnerability
HashiCorp Nomad and Nomad Enterprise before 1.0.10, and 1.1.0 through 1.1.3, contain a vulnerability in the Raft RPC layer. The mTLS authentication logic does not distinguish server certificates from client certificates signed by the same Nomad CA, so any agent presenting a CA-signed certificate is treated as a server and can reach server-only Raft RPC functionality [1][3].
Exploitation
An attacker must possess a valid certificate signed by the same Nomad CA that issued the server agents' certificates; the certificate already held by any client agent qualifies, so a compromised client node is the realistic starting point. With such a certificate, the attacker can connect directly to a server agent's Raft RPC endpoint and invoke server-only RPCs, bypassing the intended role separation [3]. No additional authentication or user interaction is required beyond possessing the certificate.
Impact
Successful exploitation is a privilege escalation from the client role to the server role: a non-server agent gains access to RPC functionality reserved for server agents, the peers that hold and replicate cluster state through Raft [1][3]. This can lead to full compromise of the Nomad cluster.
Mitigation
The vulnerability is fixed in Nomad and Nomad Enterprise versions 1.0.10 and 1.1.4, released on September 1, 2021 [3]. Users should upgrade to these versions or later. No workarounds are mentioned in the advisory. The vulnerability is not listed on CISA's Known Exploited Vulnerabilities (KEV) catalog as of this writing.
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Ecosystem | Affected versions | Patched versions |
|---|---|---|---|
| github.com/hashicorp/nomad | Go | < 1.0.10 | 1.0.10 |
| github.com/hashicorp/nomad | Go | >= 1.1.0, < 1.1.4 | 1.1.4 |
Affected products
- HashiCorp/Nomad
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- github.com/advisories/GHSA-c8x3-rg72-fwwg (GitHub Security Advisory)
- nvd.nist.gov/vuln/detail/CVE-2021-37218 (NVD)
- discuss.hashicorp.com/t/hcsec-2021-21-nomad-raft-rpc-privilege-escalation/29023 (HashiCorp advisory HCSEC-2021-21)
- www.hashicorp.com/blog/category/nomad (HashiCorp blog)
News mentions
No linked articles in our index yet.