HashiCorp Nomad and Nomad Enterprise versions 1.5.0 up to 1.5.2 allow unauthenticated users to bypass intended ACL authorizations for clusters where mTLS is not enabled. This issue is fixed in version 1.5.3.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: HashiCorp
Published: 2023-04-05T19:10:52.697Z
Updated: 2024-08-02T05:57:25.242Z
Reserved: 2023-03-31T14:50:56.892Z
Link: CVE-2023-1782
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-04-05T20:15:07.763
Modified: 2024-11-21T07:39:53.690
Link: CVE-2023-1782
Redhat
No data.