CVE-2020-7218
Published 2020-01-31
CVE-2020-7218: HashiCorp Nomad and Nomad Enterprise up to 0.10.2 HTTP/RPC services allowed unbounded resource usage, and were susceptible to unauthenticated denial of…
Priority: P3 · 36 · high · 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 1.47% (70.4th percentile)
HashiCorp Nomad and Nomad Enterprise up to 0.10.2 HTTP/RPC services allowed unbounded resource usage, and were susceptible to unauthenticated denial of service. Fixed in 0.10.3.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | hashicorp_nomad | >= 0 < 0.10.3 | 0.10.3 |
| hashicorp | nomad | < 0.10.3 | 0.10.3 |
CVSS provenance
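| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | | 7.5 | HIGH | |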
OSV
Allocation of Resources Without Limits or Throttling in HashiCorp Nomad in github.com/hashicorp/nomad
osv·2024-08-21
CVE-2020-7218 Allocation of Resources Without Limits or Throttling in HashiCorp Nomad in github.com/hashicorp/nomad
OSV
Allocation of Resources Without Limits or Throttling in HashiCorp Nomad
osv·2021-05-18
CVE-2020-7218 [HIGH] Allocation of Resources Without Limits or Throttling in HashiCorp Nomad
HashiCorp Nomad and Nomad Enterprise before 0.10.3 allow unbounded resource usage.
### Specific Go Packages Affected
github.com/hashicorp/nomad/command/agent
GHSA
Allocation of Resources Without Limits or Throttling in HashiCorp Nomad
ghsa·2021-05-18
CVE-2020-7218 [HIGH] CWE-400 Allocation of Resources Without Limits or Throttling in HashiCorp Nomad
HashiCorp Nomad and Nomad Enterprise before 0.10.3 allow unbounded resource usage.
### Specific Go Packages Affected
github.com/hashicorp/nomad/command/agent
OSV
CVE-2020-7218: HashiCorp Nomad and Nomad Enterprise up to 0
osv·2020-01-31·CVSS 7.5
CVE-2020-7218 [HIGH] CVE-2020-7218: HashiCorp Nomad and Nomad Enterprise up to 0
HashiCorp Nomad and Nomad Enterprise up to 0.10.2 HTTP/RPC services allowed unbounded resource usage, and were susceptible to unauthenticated denial of service. Fixed in 0.10.3.
No detection rules found.
No public exploits indexed.
CWE
Uncontrolled Resource Consumption
mitre_cwe
CWE-400: Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource.
Modes of Introduction:
Phase: Operation
Note: The product could be operated in a system or environment with lower resource limits than expected, which might make it easier for attackers to consume all available resources.
Phase: System Configuration
Note: The product could be configured with lower resource limits than expected, which might make it easier for attackers to consume all available resources.
Phase: Architecture and Design
Note: The designer might not consider how to handle and throttle excessive resource requests, which typically requires careful planning to handle more gracefully than a crash or exit.
Phase: Implementation
Note: There are at
CWE
Allocation of Resources Without Limits or Throttling
mitre_cwe
CWE-770: Allocation of Resources Without Limits or Throttling
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.
Modes of Introduction:
Phase: Architecture and Design
Note: OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase.
Phase: Implementation
Phase: Operation
Phase: System Configuration
Common Consequences:
Scope: Availability. Impact: DoS: Resource Consumption (CPU), DoS: Resource Consumption (Memory), DoS: Resource Consumption (Other). When allocating resources without limits, an attacker could prevent other systems, applications, or processes from accessing the same type of resource. It can be
2020-01-31
Published