HashiCorp Nomad and Nomad Enterprise versions 1.5.0 up to 1.5.2 allow unauthenticated users to bypass intended ACL authorizations for clusters where mTLS is not enabled. This issue is fixed in version 1.5.3.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: HashiCorp

Published: 2023-04-05T19:10:52.697Z

Updated: 2024-08-02T05:57:25.242Z

Reserved: 2023-03-31T14:50:56.892Z

Link: CVE-2023-1782

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-04-05T20:15:07.763

Modified: 2024-11-21T07:39:53.690

Link: CVE-2023-1782

cve-icon Redhat

No data.