Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up
hashicorp

Nomad Enterprise

25 Versions 14 CVEs

Versions

1.7.3

SEMANTIC 1 CVE

1.7.15

SEMANTIC 1 CVE

1.6.14

SEMANTIC 1 CVE

1.4.10

SEMANTIC 2 CVEs

1.3.0

SEMANTIC 1 CVE

1.4.3

SEMANTIC 1 CVE

0.6.1

SEMANTIC 1 CVE

1.5.13

SEMANTIC 1 CVE

1.5.0

SEMANTIC 3 CVEs

1.8.8

SEMANTIC 1 CVE

1.4.1

SEMANTIC 3 CVEs

1.2.15

SEMANTIC 1 CVE

1.7.11

SEMANTIC 1 CVE

1.3.8

SEMANTIC 1 CVE

1.5.6

SEMANTIC 3 CVEs

1.4.0

SEMANTIC 4 CVEs

1.7.10

SEMANTIC 1 CVE

1.6.13

SEMANTIC 1 CVE

1.2.11

SEMANTIC 1 CVE

1.7.16

SEMANTIC 1 CVE

1.6.6

SEMANTIC 1 CVE

1.8.7

SEMANTIC 1 CVE

0

SINGLE_NUMBER 3 CVEs

0.11.0

SEMANTIC 1 CVE

0.7.0

SEMANTIC 1 CVE

Recent CVEs

CVE-2024-12678

Nomad Community and Nomad Enterprise ("Nomad") allocations are vulnerable to privilege escalation within a namespace through unredacted workload identity tokens. This vulnerability, identified as CVE-2024-12678, is fixed in Nomad Community Edition 1.9.4 and Nomad Enterprise 1.9.4, 1.8.8, and 1.7.16.

MEDIUM Dec 20, 2024

CVE-2024-10975

Nomad Community and Nomad Enterprise ("Nomad") volume specification is vulnerable to arbitrary cross-namespace volume creation through unauthorized Container Storage Interface (CSI) volume writes. This vulnerability, identified as CVE-2024-10975, is fixed in Nomad Community Edition 1.9.2 and Nomad Enterprise 1.9.2, 1.8.7, and 1.7.15.

HIGH Nov 07, 2024

CVE-2024-7625

In HashiCorp Nomad and Nomad Enterprise from 0.6.1 up to 1.6.13, 1.7.10, and 1.8.2, the archive unpacking process is vulnerable to writes outside the allocation directory during migration of allocation directories when multiple archive headers target the same file. This vulnerability, CVE-2024-7625, is fixed in Nomad 1.6.14, 1.7.11, and 1.8.3. Access or compromise of the Nomad client agent at the source allocation first is a prerequisite for leveraging this vulnerability.

MEDIUM Aug 14, 2024

CVE-2024-6717

HashiCorp Nomad and Nomad Enterprise 1.6.12 up to 1.7.9, and 1.8.1 archive unpacking during migration is vulnerable to path escaping of the allocation directory. This vulnerability, CVE-2024-6717, is fixed in Nomad 1.6.13, 1.7.10, and 1.8.2.

HIGH Jul 23, 2024

CVE-2024-1329

HashiCorp Nomad and Nomad Enterprise 1.5.13 up to 1.6.6, and 1.7.3 template renderer is vulnerable to arbitrary file write on the host as the Nomad client user through symlink attacks. This vulnerability, CVE-2024-1329, is fixed in Nomad 1.7.4, 1.6.7, and 1.5.14.

HIGH Feb 08, 2024

CVE-2023-1296

HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.5.0 did not correctly enforce deny policies applied to a workload’s variables. Fixed in 1.4.6 and 1.5.1.

LOW Mar 14, 2023

CVE-2023-0821

HashiCorp Nomad and Nomad Enterprise 1.2.15 up to 1.3.8, and 1.4.3 jobs using a maliciously compressed artifact stanza source can cause excessive disk usage. Fixed in 1.2.16, 1.3.9, and 1.4.4.

MEDIUM Feb 16, 2023

CVE-2022-3867

HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 event stream subscribers using a token with TTL receive updates until token garbage is collected. Fixed in 1.4.2.

LOW Nov 10, 2022

CVE-2022-3866

HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 workload identity token can list non-sensitive metadata for paths under nomad/ that belong to other jobs in the same namespace. Fixed in 1.4.2.

MEDIUM Nov 10, 2022