CVE-2019-14802 — Sensitive Information Exposure in Hashicorp Nomad

CWE-200 — Sensitive Information Exposure CWE-526 — Cleartext Storage of Sensitive Information in an Environment Variable7 documents5 sources

Severity

5.3MEDIUMNVD

EPSS

0.4%

top 41.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Github.com Hashicorp Nomad Hashicorp Nomad

Timeline

PublishedDec 26

Latest updateAug 21

Description

HashiCorp Nomad 0.5.0 through 0.9.4 (fixed in 0.9.5) reveals unintended environment variables to the rendering task during template rendering, aka GHSA-6hv3-7c34-4hx8. This applies to nomad/client/allocrunner/taskrunner/template.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶NVDhashicorp/nomad0.5.0 — 0.9.5

▶Gogithub.com/hashicorp_nomad< 0.9.5

🔴Vulnerability Details

OSV

Hashicorp Nomad Information Exposure Through Environmental Variables in github.com/hashicorp/nomad↗2024-08-21

▶

CVEList

CVE-2019-14802: HashiCorp Nomad 0↗2022-12-26

▶

OSV

CVE-2019-14802: HashiCorp Nomad 0↗2022-12-26

▶

GHSA

Hashicorp Nomad Information Exposure Through Environmental Variables↗2022-02-15

▶

OSV

Hashicorp Nomad Information Exposure Through Environmental Variables↗2022-02-15

▶

📋Vendor Advisories

Red Hat

hashicorp/nomad: Information Exposure Through Environmental Variables↗2022-12-26

▶