HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0, with the QEMU task driver enabled, allowed authenticated users with job submission capabilities to bypass the configured allowed image paths. Fixed in 1.0.14, 1.1.8, and 1.2.1.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-12-03T21:20:12

Updated: 2024-08-04T03:55:29.400Z

Reserved: 2021-11-08T00:00:00

Link: CVE-2021-43415

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-12-03T22:15:07.757

Modified: 2024-11-21T06:29:11.990

Link: CVE-2021-43415

cve-icon Redhat

Severity : Moderate

Publid Date: 2021-11-21T00:00:00Z

Links: CVE-2021-43415 - Bugzilla