CVE-2021-32575 — Insufficient Isolation of System-Dependent Functions in Hashicorp Nomad

CWE-1100 — Insufficient Isolation of System-Dependent Functions7 documents5 sources

Severity

6.5MEDIUMNVD

EPSS

0.2%

top 60.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Github.com Hashicorp Nomad Hashicorp Nomad

Timeline

PublishedJun 17

Latest updateAug 21

Description

HashiCorp Nomad and Nomad Enterprise up to version 1.0.4 bridge networking mode allows ARP spoofing from other bridged tasks on the same node. Fixed in 0.12.12, 1.0.5, and 1.1.0 RC1.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶Gogithub.com/hashicorp_nomad1.0.0 — 1.0.5+1

▶NVDhashicorp/nomad1.0.4

Patches

Patch: discuss.hashicorp.com ↗Patch: discuss.hashicorp.com ↗

🔴Vulnerability Details

OSV

Improper network isolation in Hashicorp Nomad in github.com/hashicorp/nomad↗2024-08-21

▶

GHSA

Improper network isolation in Hashicorp Nomad↗2021-06-24

▶

OSV

Improper network isolation in Hashicorp Nomad↗2021-06-24

▶

OSV

CVE-2021-32575: HashiCorp Nomad and Nomad Enterprise up to version 1↗2021-06-17

▶

CVEList

CVE-2021-32575: HashiCorp Nomad and Nomad Enterprise up to version 1↗2021-06-17

▶

📋Vendor Advisories

Red Hat

nomad: bridge networking mode allows ARP spoofing from other bridged tasks on same node↗2021-05-12

▶