HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 workload identity token can list non-sensitive metadata for paths under nomad/ that belong to other jobs in the same namespace. Fixed in 1.4.2.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: HashiCorp

Published: 2022-11-10T05:34:52.468Z

Updated: 2024-08-03T01:20:58.432Z

Reserved: 2022-11-04T22:54:15.589Z

Link: CVE-2022-3866

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-11-10T06:15:09.747

Modified: 2024-11-21T07:20:23.823

Link: CVE-2022-3866

cve-icon Redhat

No data.