VYPR
Medium severity6.5NVD Advisory· Published Dec 20, 2024· Updated Jun 17, 2026

CVE-2024-12678

CVE-2024-12678

Description

Nomad Community and Nomad Enterprise ("Nomad") allocations are vulnerable to privilege escalation within a namespace through unredacted workload identity tokens. This vulnerability, identified as CVE-2024-12678, is fixed in Nomad Community Edition 1.9.4 and Nomad Enterprise 1.9.4, 1.8.8, and 1.7.16.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/hashicorp/nomadGo
< 1.9.41.9.4

Affected products

6

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.