Nomad Job Submitter Privilege Escalation Using Workload Identity
Description
HashiCorp Nomad and Nomad Enterprise 1.5.0 allow a job submitter to escalate to management-level privileges using workload identity and task API. Fixed in 1.5.1.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
HashiCorp Nomad 1.5.0 allows job submitters with submit-job ACL to escalate to management-level privileges via workload identity without attached policies.
Vulnerability
Overview
CVE-2023-1299 affects HashiCorp Nomad and Nomad Enterprise version 1.5.0. The vulnerability allows a user with the submit-job ACL capability to escalate their privileges to the management level by abusing the workload identity feature. This issue was introduced when the identity block was added in Nomad 1.5.0, which exposes a workload identity token to tasks via a Unix domain socket, enabling HTTP API access without mTLS configuration [1][3].
Exploitation
Details
The core problem lies in the workload identity token's validation: if the token has no attached ACL policies, it can be used to gain higher privileges than intended. An attacker who can submit a malicious job can craft the workload identity to obtain management-level access to the Nomad API. The vulnerability does not require authentication bypass; it relies on a legitimate but insufficiently restricted capability [2][3].
Impact
Successful exploitation grants the attacker management-level privileges within the Nomad cluster. This allows full control over the cluster, including the ability to read and modify all variables, manipulate running jobs, and access sensitive data. The impact is a high-severity compromise of confidentiality, integrity, and availability [2][3].
Mitigation
HashiCorp fixed this vulnerability in Nomad 1.5.1. Users running Nomad 1.5.0 should upgrade to 1.5.1 or later. No workarounds are mentioned; upgrading directly is the recommended remediation [3].
- GitHub - hashicorp/nomad (Nomad workload orchestrator source repository)
- NVD - CVE-2023-1299
- HCSEC-2023-08 - Nomad Job Submitter Privilege Escalation Using Workload Identity
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/hashicorp/nomad (Go) | >= 1.5.0, < 1.5.1 | 1.5.1 |
Affected products
- HashiCorp/Nomad (affected range: 1.5.0)
- HashiCorp/Nomad Enterprise (affected range: 1.5.0)
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
News mentions
No linked articles in our index yet.