High severityNVD Advisory· Published Mar 14, 2023· Updated Feb 27, 2025
Nomad Job Submitter Privilege Escalation Using Workload Identity
CVE-2023-1299
Description
HashiCorp Nomad and Nomad Enterprise 1.5.0 allow a job submitter to escalate to management-level privileges using workload identity and task API. Fixed in 1.5.1.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/hashicorp/nomadGo | >= 1.5.0, < 1.5.1 | 1.5.1 |
Affected products
3- Range: 1.5.0
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.