Vulnerabilities > Hashicorp > Nomad > 0.9.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-20 | CVE-2023-3072 | Missing Authorization vulnerability in Hashicorp Nomad HashiCorp Nomad and Nomad Enterprise 0.7.0 up to 1.5.6 and 1.4.10 ACL policies using a block without a label generates unexpected results. | 3.8 |
| 2023-02-16 | CVE-2023-0821 | Unspecified vulnerability in Hashicorp Nomad HashiCorp Nomad and Nomad Enterprise 1.2.15 up to 1.3.8, and 1.4.3 jobs using a maliciously compressed artifact stanza source can cause excessive disk usage. | 6.5 |
| 2022-12-26 | CVE-2019-14802 | Unspecified vulnerability in Hashicorp Nomad HashiCorp Nomad 0.5.0 through 0.9.4 (fixed in 0.9.5) reveals unintended environment variables to the rendering task during template rendering, aka GHSA-6hv3-7c34-4hx8. | 5.3 |
| 2022-06-02 | CVE-2022-30324 | Unspecified vulnerability in Hashicorp Nomad HashiCorp Nomad and Nomad Enterprise version 0.2.0 up to 1.3.0 were impacted by go-getter vulnerabilities enabling privilege escalation through the artifact stanza in submitted jobs onto the client agent host. | 9.8 |
| 2022-02-15 | CVE-2022-24684 | Unspecified vulnerability in Hashicorp Nomad HashiCorp Nomad and Nomad Enterprise 0.9.0 through 1.0.16, 1.1.11, and 1.2.5 allow operators with job-submit capabilities to use the spread stanza to panic server agents. | 6.5 |
| 2022-02-14 | CVE-2022-24686 | Race Condition vulnerability in Hashicorp Nomad HashiCorp Nomad and Nomad Enterprise 0.3.0 through 1.0.17, 1.1.11, and 1.2.5 artifact download functionality has a race condition such that the Nomad client agent could download the wrong artifact into the wrong destination. | 5.9 |
| 2021-09-07 | CVE-2021-37218 | Improper Certificate Validation vulnerability in Hashicorp Nomad HashiCorp Nomad and Nomad Enterprise Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege escalation. | 8.8 |
| 2021-06-17 | CVE-2021-32575 | Unspecified vulnerability in Hashicorp Nomad HashiCorp Nomad and Nomad Enterprise up to version 1.0.4 bridge networking mode allows ARP spoofing from other bridged tasks on the same node. low complexity hashicorp | 6.5 |
| 2021-02-01 | CVE-2021-3283 | Unspecified vulnerability in Hashicorp Nomad HashiCorp Nomad and Nomad Enterprise up to 0.12.9 exec and java task drivers can access processes associated with other tasks on the same node. | 7.5 |
| 2020-11-24 | CVE-2020-28348 | Path Traversal vulnerability in Hashicorp Nomad HashiCorp Nomad and Nomad Enterprise 0.9.0 up to 0.12.7 client Docker file sandbox feature may be subverted when not explicitly disabled or when using a volume mount type. | 6.5 |