Vulnerabilities > CVE-2021-41865 - Unspecified vulnerability in Hashicorp Nomad

CVSS 4.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

hashicorp

NVD

Published: 2021-10-07

Updated: 2021-10-15

Summary

HashiCorp Nomad and Nomad Enterprise 1.1.1 through 1.1.5 allowed authenticated users with job submission capabilities to cause denial of service by submitting incomplete job specifications with a Consul mesh gateway and host networking mode. Fixed in 1.1.6.

Vulnerable Configurations

Part	Description	Count
Application	Hashicorp Hashicorp Nomad 1.1.1 Hashicorp Nomad 1.1.2 Hashicorp Nomad 1.1.3 Hashicorp Nomad 1.1.4 Hashicorp Nomad 1.1.5	10

References

https://discuss.hashicorp.com/t/hcsec-2021-26-nomad-denial-of-service-via-submission-of-incomplete-job-specification-using-consul-mesh-gateway-host-network/30311