VYPR

Nomad Enterprise

by Hashicorp

Source repositories

CVEs (25)

  • CVE-2023-3072MedJul 20, 2023
    risk 0.27cvss 4.1epss 0.00

    HashiCorp Nomad and Nomad Enterprise 0.7.0 up to 1.5.6 and 1.4.10 ACL policies using a block without a label generates unexpected results. Fixed in 1.6.0, 1.5.7, and 1.4.11.

  • CVE-2022-3866MedNov 10, 2022
    risk 0.26cvss 5.0epss 0.01

    HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 workload identity token can list non-sensitive metadata for paths under nomad/ that belong to other jobs in the same namespace. Fixed in 1.4.2.

  • CVE-2023-3299LowJul 20, 2023
    risk 0.22cvss 3.4epss 0.00

    HashiCorp Nomad Enterprise 1.2.11 up to 1.5.6, and 1.4.10 ACL policies using a block without a label generates unexpected results. Fixed in 1.6.0, 1.5.7, and 1.4.11.

  • CVE-2023-1296LowMar 14, 2023
    risk 0.18cvss 2.7epss 0.01

    HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.5.0 did not correctly enforce deny policies applied to a workload’s variables. Fixed in 1.4.6 and 1.5.1.

  • CVE-2022-3867LowNov 10, 2022
    risk 0.11cvss 2.7epss 0.00

    HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 event stream subscribers using a token with TTL receive updates until token garbage is collected. Fixed in 1.4.2.

Page 2 of 2