HashiCorp Nomad and Nomad Enterprise 1.5.0 allow a job submitter to escalate to management-level privileges using workload identity and task API. Fixed in 1.5.1.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: HashiCorp

Published: 2023-03-14T14:46:41.456Z

Updated: 2024-08-02T05:40:59.881Z

Reserved: 2023-03-09T20:18:12.180Z

Link: CVE-2023-1299

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-03-14T15:15:11.593

Modified: 2024-11-21T07:38:52.323

Link: CVE-2023-1299

cve-icon Redhat

No data.