HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0, with the QEMU task driver enabled, allowed authenticated users with job submission capabilities to bypass the configured allowed image paths. Fixed in 1.0.14, 1.1.8, and 1.2.1.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2021-12-03T21:20:12
Updated: 2024-08-04T03:55:29.400Z
Reserved: 2021-11-08T00:00:00
Link: CVE-2021-43415
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-12-03T22:15:07.757
Modified: 2024-11-21T06:29:11.990
Link: CVE-2021-43415
Redhat