RSS   Podatności dla 'Nomad'   RSS

2021-10-07
 
CVE-2021-41865

NVD-CWE-noinfo
 

 
HashiCorp Nomad and Nomad Enterprise 1.1.1 through 1.1.5 allowed authenticated users with job submission capabilities to cause denial of service by submitting incomplete job specifications with a Consul mesh gateway and host networking mode. Fixed in 1.1.6.

 
2021-09-07
 
CVE-2021-37218

CWE-295
 

 
HashiCorp Nomad and Nomad Enterprise Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege escalation. Fixed in 1.0.10 and 1.1.4.

 
2021-06-17
 
CVE-2021-32575

NVD-CWE-noinfo
 

 
HashiCorp Nomad and Nomad Enterprise up to version 1.0.4 bridge networking mode allows ARP spoofing from other bridged tasks on the same node. Fixed in 0.12.12, 1.0.5, and 1.1.0 RC1.

 
2021-02-01
 
CVE-2021-3283

NVD-CWE-noinfo
 

 
HashiCorp Nomad and Nomad Enterprise up to 0.12.9 exec and java task drivers can access processes associated with other tasks on the same node. Fixed in 0.12.10, and 1.0.3.

 
2020-04-28
 
CVE-2020-10944

CWE-79
 

 
HashiCorp Nomad and Nomad Enterprise up to 0.10.4 contained a cross-site scripting vulnerability such that files from a malicious workload could cause arbitrary JavaScript to execute in the web UI. Fixed in 0.10.5.

 
2020-01-31
 
CVE-2020-7956

CWE-295
 

 
HashiCorp Nomad and Nomad Enterprise up to 0.10.2 incorrectly validated role/region associated with TLS certificates used for mTLS RPC, and were susceptible to privilege escalation. Fixed in 0.10.3.

 
 
CVE-2020-7218

CWE-400
 

 
HashiCorp Nomad and Nomad Enterprise before 0.10.3 allow unbounded resource usage.

 
2019-08-12
 
CVE-2019-12618

CWE-284
 

 
HashiCorp Nomad 0.9.0 through 0.9.1 has Incorrect Access Control via the exec driver.

 

 >>> Vendor: Hashicorp 13 Produkty
Vagrant vmware fusion
Vagrant
Terraform
Consul
Nomad
Packer
Vault
Terraform enterprise
Vault-ssh-helper
Go-slug
Vault provider for secrets store csi driver
Terraform provider
Vault-action


Copyright 2021, cxsecurity.com

 

Back to Top