GHSA-rx97-6c62-55mf

GitHub Security Advisory

Hashicorp Nomad Incorrect Privilege Assignment vulnerability

✓ GitHub Reviewed | Severity: HIGH | Has CVE

Advisory Details

Nomad Community and Nomad Enterprise (“Nomad”) prefix-based ACL policy lookup can lead to incorrect rule application and shadowing. This vulnerability, identified as CVE-2025-4922, is fixed in Nomad Community Edition 1.10.2 and Nomad Enterprise 1.10.2, 1.9.10, and 1.8.14.

Affected Packages

Go github.com/hashicorp/nomad
Affected versions: 0

Key Information

GHSA ID
GHSA-rx97-6c62-55mf
Published
June 11, 2025 3:30 PM
Last Modified
June 11, 2025 5:39 PM
CVSS Score
7.5/10
Primary Ecosystem
Go
Primary Package
github.com/hashicorp/nomad
GitHub Reviewed
✓ Yes

Dataset

Last updated: June 13, 2025 6:24 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.