Moderate severityNVD Advisory· Published Mar 14, 2023· Updated Feb 27, 2025
Nomad ACLs Can Not Deny Access to Workload's Own Variables
CVE-2023-1296
Description
HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.5.0 did not correctly enforce deny policies applied to a workload’s variables. Fixed in 1.4.6 and 1.5.1.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/hashicorp/nomadGo | >= 1.4.0, < 1.4.6 | 1.4.6 |
github.com/hashicorp/nomadGo | >= 1.5.0, < 1.5.1 | 1.5.1 |
Affected products
3- Range: 1.5.0
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.