VYPR

Nomad

by Hashicorp

Source repositories

CVEs (27)

  • CVE-2023-3300MedJul 20, 2023
    risk 0.27cvss 5.3epss 0.00

    HashiCorp Nomad and Nomad Enterprise 0.11.0 up to 1.5.6 and 1.4.1 HTTP search API can reveal names of available CSI plugins to unauthenticated users or users without the plugin:read policy. Fixed in 1.6.0, 1.5.7, and 1.4.1.

  • CVE-2023-3072MedJul 20, 2023
    risk 0.27cvss 4.1epss 0.00

    HashiCorp Nomad and Nomad Enterprise 0.7.0 up to 1.5.6 and 1.4.10 ACL policies using a block without a label generates unexpected results. Fixed in 1.6.0, 1.5.7, and 1.4.11.

  • CVE-2019-14802MedDec 26, 2022
    risk 0.27cvss 5.3epss 0.01

    HashiCorp Nomad 0.5.0 through 0.9.4 (fixed in 0.9.5) reveals unintended environment variables to the rendering task during template rendering, aka GHSA-6hv3-7c34-4hx8. This applies to nomad/client/allocrunner/taskrunner/template.

  • CVE-2022-3866MedNov 10, 2022
    risk 0.26cvss 5.0epss 0.01

    HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 workload identity token can list non-sensitive metadata for paths under nomad/ that belong to other jobs in the same namespace. Fixed in 1.4.2.

  • CVE-2023-1296LowMar 14, 2023
    risk 0.18cvss 2.7epss 0.01

    HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.5.0 did not correctly enforce deny policies applied to a workload’s variables. Fixed in 1.4.6 and 1.5.1.

  • CVE-2022-3867LowNov 10, 2022
    risk 0.11cvss 2.7epss 0.00

    HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 event stream subscribers using a token with TTL receive updates until token garbage is collected. Fixed in 1.4.2.

  • CVE-2025-63205Nov 19, 2025
    risk 0.00cvss epss 0.00

    An issue was discovered in bridgetech probes VB220 IP Network Probe,VB120 Embedded IP + RF Probe, VB330 High-Capacity Probe, VB440 ST 2110 Production Analytics Probe, and NOMAD, firmware versions 6.5.0-9, allowing attackers to gain sensitive information such as administrator…

Page 2 of 2