VYPR
Low severityNVD Advisory· Published Jul 19, 2023· Updated Oct 17, 2024

Nomad Caller ACL Token's Secret ID is Exposed to Sentinel

CVE-2023-3299

Description

HashiCorp Nomad Enterprise 1.2.11 up to 1.5.6, and 1.4.10 ACL policies using a block without a label generates unexpected results. Fixed in 1.6.0, 1.5.7, and 1.4.11.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/hashicorp/nomadGo
>= 1.2.11, < 1.4.111.4.11
github.com/hashicorp/nomadGo
>= 1.5.0, < 1.5.71.5.7

Affected products

2

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.