Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Nomad
(Hashicorp)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 28 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-01-31 | CVE-2020-7218 | HashiCorp Nomad and Nonad Enterprise up to 0.10.2 HTTP/RPC services allowed unbounded resource usage, and were susceptible to unauthenticated denial of service. Fixed in 0.10.3. | Nomad | 7.5 | ||
| 2021-10-07 | CVE-2021-41865 | HashiCorp Nomad and Nomad Enterprise 1.1.1 through 1.1.5 allowed authenticated users with job submission capabilities to cause denial of service by submitting incomplete job specifications with a Consul mesh gateway and host networking mode. Fixed in 1.1.6. | Nomad | 6.5 | ||
| 2021-09-07 | CVE-2021-37218 | HashiCorp Nomad and Nomad Enterprise Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege escalation. Fixed in 1.0.10 and 1.1.4. | Nomad | 8.8 | ||
| 2021-06-17 | CVE-2021-32575 | HashiCorp Nomad and Nomad Enterprise up to version 1.0.4 bridge networking mode allows ARP spoofing from other bridged tasks on the same node. Fixed in 0.12.12, 1.0.5, and 1.1.0 RC1. | Nomad | 6.5 | ||
| 2021-02-01 | CVE-2021-3283 | HashiCorp Nomad and Nomad Enterprise up to 0.12.9 exec and java task drivers can access processes associated with other tasks on the same node. Fixed in 0.12.10, and 1.0.3. | Nomad | 7.5 | ||
| 2020-11-24 | CVE-2020-28348 | HashiCorp Nomad and Nomad Enterprise 0.9.0 up to 0.12.7 client Docker file sandbox feature may be subverted when not explicitly disabled or when using a volume mount type. Fixed in 0.12.8, 0.11.7, and 0.10.8. | Nomad | 6.5 | ||
| 2020-10-22 | CVE-2020-27195 | HashiCorp Nomad and Nomad Enterprise version 0.9.0 up to 0.12.5 client file sandbox feature can be subverted using either the template or artifact stanzas. Fixed in 0.12.6, 0.11.5, and 0.10.6 | Nomad | 9.1 | ||
| 2020-04-28 | CVE-2020-10944 | HashiCorp Nomad and Nomad Enterprise up to 0.10.4 contained a cross-site scripting vulnerability such that files from a malicious workload could cause arbitrary JavaScript to execute in the web UI. Fixed in 0.10.5. | Nomad | N/A | ||
| 2020-01-31 | CVE-2020-7956 | HashiCorp Nomad and Nomad Enterprise up to 0.10.2 incorrectly validated role/region associated with TLS certificates used for mTLS RPC, and were susceptible to privilege escalation. Fixed in 0.10.3. | Nomad | N/A | ||
| 2019-08-12 | CVE-2019-12618 | HashiCorp Nomad 0.9.0 through 0.9.1 has Incorrect Access Control via the exec driver. | Nomad | 9.8 |