Vulnerabilities > Hashicorp > Nomad > 1.1.6

DATE CVE VULNERABILITY TITLE RISK
2023-07-20 CVE-2023-3072 Missing Authorization vulnerability in Hashicorp Nomad
HashiCorp Nomad and Nomad Enterprise 0.7.0 up to 1.5.6 and 1.4.10 ACL policies using a block without a label generates unexpected results.
network
low complexity
hashicorp CWE-862
3.8
2023-07-20 CVE-2023-3300 Missing Authorization vulnerability in Hashicorp Nomad
HashiCorp Nomad and Nomad Enterprise 0.11.0 up to 1.5.6 and 1.4.1 HTTP search API can reveal names of available CSI plugins to unauthenticated users or users without the plugin:read policy.
network
low complexity
hashicorp CWE-862
5.3
2023-02-16 CVE-2023-0821 Unspecified vulnerability in Hashicorp Nomad
HashiCorp Nomad and Nomad Enterprise 1.2.15 up to 1.3.8, and 1.4.3 jobs using a maliciously compressed artifact stanza source can cause excessive disk usage.
network
low complexity
hashicorp
6.5
2022-10-12 CVE-2022-41606 Unspecified vulnerability in Hashicorp Nomad
HashiCorp Nomad and Nomad Enterprise 1.0.2 up to 1.2.12, and 1.3.5 jobs submitted with an artifact stanza using invalid S3 or GCS URLs can be used to crash client agents.
network
low complexity
hashicorp
6.5
2022-06-02 CVE-2022-30324 Unspecified vulnerability in Hashicorp Nomad
HashiCorp Nomad and Nomad Enterprise version 0.2.0 up to 1.3.0 were impacted by go-getter vulnerabilities enabling privilege escalation through the artifact stanza in submitted jobs onto the client agent host.
network
low complexity
hashicorp
7.5
2022-02-28 CVE-2022-24685 Allocation of Resources Without Limits or Throttling vulnerability in Hashicorp Nomad
HashiCorp Nomad and Nomad Enterprise 1.0.17, 1.1.11, and 1.2.5 allow invalid HCL for the jobs parse endpoint, which may cause excessive CPU usage.
network
low complexity
hashicorp CWE-770
5.0
2022-02-17 CVE-2022-24683 Unspecified vulnerability in Hashicorp Nomad
HashiCorp Nomad and Nomad Enterprise 0.9.2 through 1.0.17, 1.1.11, and 1.2.5 allow operators with read-fs and alloc-exec (or job-submit) capabilities to read arbitrary files on the host filesystem as root.
network
low complexity
hashicorp
7.8
2022-02-15 CVE-2022-24684 Unspecified vulnerability in Hashicorp Nomad
HashiCorp Nomad and Nomad Enterprise 0.9.0 through 1.0.16, 1.1.11, and 1.2.5 allow operators with job-submit capabilities to use the spread stanza to panic server agents.
network
low complexity
hashicorp
6.5
2022-02-14 CVE-2022-24686 Race Condition vulnerability in Hashicorp Nomad
HashiCorp Nomad and Nomad Enterprise 0.3.0 through 1.0.17, 1.1.11, and 1.2.5 artifact download functionality has a race condition such that the Nomad client agent could download the wrong artifact into the wrong destination.
network
hashicorp CWE-362
4.3
2021-12-03 CVE-2021-43415 Unspecified vulnerability in Hashicorp Nomad
HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0, with the QEMU task driver enabled, allowed authenticated users with job submission capabilities to bypass the configured allowed image paths.
network
low complexity
hashicorp
8.8