Vulnerabilities > Hashicorp > Nomad > 0.8.7

DATE CVE VULNERABILITY TITLE RISK
2023-07-20 CVE-2023-3072 Missing Authorization vulnerability in Hashicorp Nomad
HashiCorp Nomad and Nomad Enterprise 0.7.0 up to 1.5.6 and 1.4.10 ACL policies using a block without a label generates unexpected results.
network
low complexity
hashicorp CWE-862
3.8
2023-02-16 CVE-2023-0821 Unspecified vulnerability in Hashicorp Nomad
HashiCorp Nomad and Nomad Enterprise 1.2.15 up to 1.3.8, and 1.4.3 jobs using a maliciously compressed artifact stanza source can cause excessive disk usage.
network
low complexity
hashicorp
6.5
2022-06-02 CVE-2022-30324 Unspecified vulnerability in Hashicorp Nomad
HashiCorp Nomad and Nomad Enterprise version 0.2.0 up to 1.3.0 were impacted by go-getter vulnerabilities enabling privilege escalation through the artifact stanza in submitted jobs onto the client agent host.
network
low complexity
hashicorp
7.5
2022-02-14 CVE-2022-24686 Race Condition vulnerability in Hashicorp Nomad
HashiCorp Nomad and Nomad Enterprise 0.3.0 through 1.0.17, 1.1.11, and 1.2.5 artifact download functionality has a race condition such that the Nomad client agent could download the wrong artifact into the wrong destination.
network
hashicorp CWE-362
4.3
2021-09-07 CVE-2021-37218 Improper Certificate Validation vulnerability in Hashicorp Nomad
HashiCorp Nomad and Nomad Enterprise Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege escalation.
network
low complexity
hashicorp CWE-295
6.5
2021-06-17 CVE-2021-32575 Unspecified vulnerability in Hashicorp Nomad
HashiCorp Nomad and Nomad Enterprise up to version 1.0.4 bridge networking mode allows ARP spoofing from other bridged tasks on the same node.
low complexity
hashicorp
3.3
2021-02-01 CVE-2021-3283 Unspecified vulnerability in Hashicorp Nomad
HashiCorp Nomad and Nomad Enterprise up to 0.12.9 exec and java task drivers can access processes associated with other tasks on the same node.
network
low complexity
hashicorp
5.0
2020-04-28 CVE-2020-10944 Cross-site Scripting vulnerability in Hashicorp Nomad
HashiCorp Nomad and Nomad Enterprise up to 0.10.4 contained a cross-site scripting vulnerability such that files from a malicious workload could cause arbitrary JavaScript to execute in the web UI.
network
hashicorp CWE-79
3.5
2020-01-31 CVE-2020-7956 Improper Certificate Validation vulnerability in Hashicorp Nomad
HashiCorp Nomad and Nomad Enterprise up to 0.10.2 incorrectly validated role/region associated with TLS certificates used for mTLS RPC, and were susceptible to privilege escalation.
network
low complexity
hashicorp CWE-295
7.5
2020-01-31 CVE-2020-7218 Allocation of Resources Without Limits or Throttling vulnerability in Hashicorp Nomad
HashiCorp Nomad and Nonad Enterprise up to 0.10.2 HTTP/RPC services allowed unbounded resource usage, and were susceptible to unauthenticated denial of service.
network
low complexity
hashicorp CWE-770
5.0