Vulnerabilities > Hashicorp > Nomad

DATE CVE VULNERABILITY TITLE RISK
2021-06-17 CVE-2021-32575 Unspecified vulnerability in Hashicorp Nomad
HashiCorp Nomad and Nomad Enterprise up to version 1.0.4 bridge networking mode allows ARP spoofing from other bridged tasks on the same node.
low complexity
hashicorp
6.5
2021-02-01 CVE-2021-3283 Unspecified vulnerability in Hashicorp Nomad
HashiCorp Nomad and Nomad Enterprise up to 0.12.9 exec and java task drivers can access processes associated with other tasks on the same node.
network
low complexity
hashicorp
7.5
2020-11-24 CVE-2020-28348 Path Traversal vulnerability in Hashicorp Nomad
HashiCorp Nomad and Nomad Enterprise 0.9.0 up to 0.12.7 client Docker file sandbox feature may be subverted when not explicitly disabled or when using a volume mount type.
network
low complexity
hashicorp CWE-22
6.5
2020-10-22 CVE-2020-27195 Unspecified vulnerability in Hashicorp Nomad
HashiCorp Nomad and Nomad Enterprise version 0.9.0 up to 0.12.5 client file sandbox feature can be subverted using either the template or artifact stanzas.
network
low complexity
hashicorp
critical
9.1
2020-04-28 CVE-2020-10944 Cross-site Scripting vulnerability in Hashicorp Nomad
HashiCorp Nomad and Nomad Enterprise up to 0.10.4 contained a cross-site scripting vulnerability such that files from a malicious workload could cause arbitrary JavaScript to execute in the web UI.
network
low complexity
hashicorp CWE-79
5.4
2020-01-31 CVE-2020-7956 Improper Certificate Validation vulnerability in Hashicorp Nomad
HashiCorp Nomad and Nomad Enterprise up to 0.10.2 incorrectly validated role/region associated with TLS certificates used for mTLS RPC, and were susceptible to privilege escalation.
network
low complexity
hashicorp CWE-295
critical
9.8
2020-01-31 CVE-2020-7218 Allocation of Resources Without Limits or Throttling vulnerability in Hashicorp Nomad
HashiCorp Nomad and Nonad Enterprise up to 0.10.2 HTTP/RPC services allowed unbounded resource usage, and were susceptible to unauthenticated denial of service.
network
low complexity
hashicorp CWE-770
7.5
2019-08-12 CVE-2019-12618 Improper Privilege Management vulnerability in Hashicorp Nomad 0.9.0/0.9.1
HashiCorp Nomad 0.9.0 through 0.9.1 has Incorrect Access Control via the exec driver.
network
low complexity
hashicorp CWE-269
critical
9.8