CVE-2019-14802
published 2022-12-26CVE-2019-14802: HashiCorp Nomad 0.5.0 through 0.9.4 (fixed in 0.9.5) reveals unintended environment variables to the rendering task during template rendering, aka…
PriorityP424medium5.3CVSS 3.1
AVNACLPRNUINSUCLINAN
EPSS
0.59%
43.8th percentile
HashiCorp Nomad 0.5.0 through 0.9.4 (fixed in 0.9.5) reveals unintended environment variables to the rendering task during template rendering, aka GHSA-6hv3-7c34-4hx8. This applies to nomad/client/allocrunner/taskrunner/template.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | hashicorp_nomad | >= 0 < 0.9.5 | 0.9.5 |
| hashicorp | nomad | >= 0.5.0 < 0.9.5 | 0.9.5 |
CVSS provenance
nvdv3.15.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
osv5.3MEDIUM
vendor_redhat5.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
Hashicorp Nomad Information Exposure Through Environmental Variables in github.com/hashicorp/nomad
osv·2024-08-21
CVE-2019-14802 Hashicorp Nomad Information Exposure Through Environmental Variables in github.com/hashicorp/nomad
Hashicorp Nomad Information Exposure Through Environmental Variables in github.com/hashicorp/nomad
Hashicorp Nomad Information Exposure Through Environmental Variables in github.com/hashicorp/nomad
OSV
CVE-2019-14802: HashiCorp Nomad 0
osv·2022-12-26·CVSS 5.3
CVE-2019-14802 [MEDIUM] CVE-2019-14802: HashiCorp Nomad 0
HashiCorp Nomad 0.5.0 through 0.9.4 (fixed in 0.9.5) reveals unintended environment variables to the rendering task during template rendering, aka GHSA-6hv3-7c34-4hx8. This applies to nomad/client/allocrunner/taskrunner/template.
GHSA
Hashicorp Nomad Information Exposure Through Environmental Variables
ghsa·2022-02-15
CVE-2019-14802 [MEDIUM] CWE-200 Hashicorp Nomad Information Exposure Through Environmental Variables
Hashicorp Nomad Information Exposure Through Environmental Variables
In Nomad before version 0.9.5, when rendering a task template, all environment variables were available to the rendering task. As a fix, only task environment variables are used.
OSV
Hashicorp Nomad Information Exposure Through Environmental Variables
osv·2022-02-15
CVE-2019-14802 [MEDIUM] Hashicorp Nomad Information Exposure Through Environmental Variables
Hashicorp Nomad Information Exposure Through Environmental Variables
In Nomad before version 0.9.5, when rendering a task template, all environment variables were available to the rendering task. As a fix, only task environment variables are used.
Red Hat
hashicorp/nomad: Information Exposure Through Environmental Variables
vendor_redhat·2022-12-26·CVSS 5.3
CVE-2019-14802 [MEDIUM] CWE-526 hashicorp/nomad: Information Exposure Through Environmental Variables
hashicorp/nomad: Information Exposure Through Environmental Variables
HashiCorp Nomad 0.5.0 through 0.9.4 (fixed in 0.9.5) reveals unintended environment variables to the rendering task during template rendering, aka GHSA-6hv3-7c34-4hx8. This applies to nomad/client/allocrunner/taskrunner/template.
A flaw was found in HashiCorp Nomad. In affected versions of Nomad, when rendering a task template, all environment variables were available to the rendering task. As a fix, only task environment variables are used.
Package: openshift4/ose-cluster-monitoring-rhel9-operator (Red Hat OpenShift Container Platform 4) - Not affected
Package: openshift4/ose-installer (Red Hat OpenShift Container Platform 4) - Not affected
Package: openshift4/ose-prometheus-rhel9 (Red Hat OpenShift Container Platf
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://advisories.gitlab.com/advisory/advgo_github_com_hashicorp_nomad_client_allocrunner_taskrunner_template_GMS_2022_818.htmlhttps://www.hashicorp.com/blog/category/nomadhttps://advisories.gitlab.com/advisory/advgo_github_com_hashicorp_nomad_client_allocrunner_taskrunner_template_GMS_2022_818.htmlhttps://www.hashicorp.com/blog/category/nomad
2022-12-26
Published