Vulnerabilities > CVE-2022-3866 - Exposure of Resource to Wrong Sphere vulnerability in Hashicorp Nomad 1.4.0/1.4.1

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
LOW
Integrity impact
NONE
Availability impact
NONE
network
low complexity
hashicorp
CWE-668

Summary

HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 workload identity token can list non-sensitive metadata for paths under nomad/ that belong to other jobs in the same namespace. Fixed in 1.4.2.

Vulnerable Configurations

Part Description Count
Application
Hashicorp
4

Common Weakness Enumeration (CWE)