Vulnerabilities > Hashicorp > Nomad > 1.4.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-20 | CVE-2023-3072 | Missing Authorization vulnerability in Hashicorp Nomad HashiCorp Nomad and Nomad Enterprise 0.7.0 up to 1.5.6 and 1.4.10 ACL policies using a block without a label generates unexpected results. | 3.8 |
| 2023-07-20 | CVE-2023-3299 | Exposure of Resource to Wrong Sphere vulnerability in Hashicorp Nomad HashiCorp Nomad Enterprise 1.2.11 up to 1.5.6, and 1.4.10 ACL policies using a block without a label generates unexpected results. | 2.7 |
| 2023-07-20 | CVE-2023-3300 | Missing Authorization vulnerability in Hashicorp Nomad HashiCorp Nomad and Nomad Enterprise 0.11.0 up to 1.5.6 and 1.4.1 HTTP search API can reveal names of available CSI plugins to unauthenticated users or users without the plugin:read policy. | 5.3 |
| 2023-03-14 | CVE-2023-1296 | Missing Authorization vulnerability in Hashicorp Nomad HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.5.0 did not correctly enforce deny policies applied to a workload’s variables. | 5.3 |
| 2023-02-16 | CVE-2023-0821 | Unspecified vulnerability in Hashicorp Nomad HashiCorp Nomad and Nomad Enterprise 1.2.15 up to 1.3.8, and 1.4.3 jobs using a maliciously compressed artifact stanza source can cause excessive disk usage. | 6.5 |
| 2022-11-10 | CVE-2022-3866 | Exposure of Resource to Wrong Sphere vulnerability in Hashicorp Nomad 1.4.0/1.4.1 HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 workload identity token can list non-sensitive metadata for paths under nomad/ that belong to other jobs in the same namespace. | 4.3 |
| 2022-11-10 | CVE-2022-3867 | Insufficient Session Expiration vulnerability in Hashicorp Nomad 1.4.0/1.4.1 HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 event stream subscribers using a token with TTL receive updates until token garbage is collected. | 4.3 |