Filtered by vendor Hashicorp Subscriptions
Filtered by product Nomad Subscriptions
Total 28 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2021-32575 1 Hashicorp 1 Nomad 2024-11-21 6.5 Medium
HashiCorp Nomad and Nomad Enterprise up to version 1.0.4 bridge networking mode allows ARP spoofing from other bridged tasks on the same node. Fixed in 0.12.12, 1.0.5, and 1.1.0 RC1.
CVE-2020-7956 1 Hashicorp 1 Nomad 2024-11-21 9.8 Critical
HashiCorp Nomad and Nomad Enterprise up to 0.10.2 incorrectly validated role/region associated with TLS certificates used for mTLS RPC, and were susceptible to privilege escalation. Fixed in 0.10.3.
CVE-2020-7218 1 Hashicorp 1 Nomad 2024-11-21 7.5 High
HashiCorp Nomad and Nonad Enterprise up to 0.10.2 HTTP/RPC services allowed unbounded resource usage, and were susceptible to unauthenticated denial of service. Fixed in 0.10.3.
CVE-2020-28348 1 Hashicorp 1 Nomad 2024-11-21 6.5 Medium
HashiCorp Nomad and Nomad Enterprise 0.9.0 up to 0.12.7 client Docker file sandbox feature may be subverted when not explicitly disabled or when using a volume mount type. Fixed in 0.12.8, 0.11.7, and 0.10.8.
CVE-2020-27195 1 Hashicorp 1 Nomad 2024-11-21 9.1 Critical
HashiCorp Nomad and Nomad Enterprise version 0.9.0 up to 0.12.5 client file sandbox feature can be subverted using either the template or artifact stanzas. Fixed in 0.12.6, 0.11.5, and 0.10.6
CVE-2020-10944 1 Hashicorp 1 Nomad 2024-11-21 5.4 Medium
HashiCorp Nomad and Nomad Enterprise up to 0.10.4 contained a cross-site scripting vulnerability such that files from a malicious workload could cause arbitrary JavaScript to execute in the web UI. Fixed in 0.10.5.
CVE-2019-14802 1 Hashicorp 1 Nomad 2024-11-21 5.3 Medium
HashiCorp Nomad 0.5.0 through 0.9.4 (fixed in 0.9.5) reveals unintended environment variables to the rendering task during template rendering, aka GHSA-6hv3-7c34-4hx8. This applies to nomad/client/allocrunner/taskrunner/template.
CVE-2019-12618 1 Hashicorp 1 Nomad 2024-11-21 N/A
HashiCorp Nomad 0.9.0 through 0.9.1 has Incorrect Access Control via the exec driver.