Vulnerabilities > Hashicorp > Nomad > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-08 | CVE-2024-1329 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Hashicorp Nomad 1.5.13/1.6.6/1.7.3. HashiCorp Nomad and Nomad Enterprise 1.5.13 up to 1.6.6, and 1.7.3 template renderer is vulnerable to arbitrary file write on the host as the Nomad client user through symlink attacks. | 7.5 |
| 2023-03-14 | CVE-2023-1299 | Unspecified vulnerability in Hashicorp Nomad 1.5.0 HashiCorp Nomad and Nomad Enterprise 1.5.0 allow a job submitter to escalate to management-level privileges using workload identity and task API. | 8.8 |
| 2022-02-28 | CVE-2022-24685 | Allocation of Resources Without Limits or Throttling vulnerability in Hashicorp Nomad HashiCorp Nomad and Nomad Enterprise 1.0.17, 1.1.11, and 1.2.5 allow invalid HCL for the jobs parse endpoint, which may cause excessive CPU usage. | 7.5 |
| 2022-02-17 | CVE-2022-24683 | Unspecified vulnerability in Hashicorp Nomad HashiCorp Nomad and Nomad Enterprise 0.9.2 through 1.0.17, 1.1.11, and 1.2.5 allow operators with read-fs and alloc-exec (or job-submit) capabilities to read arbitrary files on the host filesystem as root. | 7.5 |
| 2021-12-03 | CVE-2021-43415 | Unspecified vulnerability in Hashicorp Nomad HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0, with the QEMU task driver enabled, allowed authenticated users with job submission capabilities to bypass the configured allowed image paths. | 8.8 |
| 2021-09-07 | CVE-2021-37218 | Improper Certificate Validation vulnerability in Hashicorp Nomad HashiCorp Nomad and Nomad Enterprise Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege escalation. | 8.8 |
| 2021-02-01 | CVE-2021-3283 | Unspecified vulnerability in Hashicorp Nomad HashiCorp Nomad and Nomad Enterprise up to 0.12.9 exec and java task drivers can access processes associated with other tasks on the same node. | 7.5 |
| 2020-01-31 | CVE-2020-7218 | Allocation of Resources Without Limits or Throttling vulnerability in Hashicorp Nomad HashiCorp Nomad and Nonad Enterprise up to 0.10.2 HTTP/RPC services allowed unbounded resource usage, and were susceptible to unauthenticated denial of service. | 7.5 |