CVE-2020-7956
published 2020-01-31
CVE-2020-7956: HashiCorp Nomad and Nomad Enterprise up to 0.10.2 incorrectly validated role/region associated with TLS certificates used for mTLS RPC, and were susceptible to…
Priority P3 42 · critical 9.8 · CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS 0.98% (57.9th percentile)
HashiCorp Nomad and Nomad Enterprise up to 0.10.2 incorrectly validated role/region associated with TLS certificates used for mTLS RPC, and were susceptible to privilege escalation. Fixed in 0.10.3.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | hashicorp_nomad | >= 0 < 0.10.3 | 0.10.3 |
| hashicorp | nomad | < 0.10.3 | 0.10.3 |
CVSS provenance
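| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | | 9.8 | CRITICAL | |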
OSV
Improper Certificate Validation in HashiCorp Nomad in github.com/hashicorp/nomad
osv·2024-08-21
CVE-2020-7956 Improper Certificate Validation in HashiCorp Nomad in github.com/hashicorp/nomad
OSV
Improper Certificate Validation in HashiCorp Nomad
osv·2021-05-18
CVE-2020-7956 [HIGH] Improper Certificate Validation in HashiCorp Nomad
GHSA
Improper Certificate Validation in HashiCorp Nomad
ghsa·2021-05-18
CVE-2020-7956 [HIGH] CWE-295 Improper Certificate Validation in HashiCorp Nomad
OSV
CVE-2020-7956: HashiCorp Nomad and Nomad Enterprise up to 0
osv·2020-01-31·CVSS 9.8
CVE-2020-7956 [CRITICAL] CVE-2020-7956: HashiCorp Nomad and Nomad Enterprise up to 0
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2020-01-31
Published