CVE-2021-3283 — Improper Privilege Management in Hashicorp Nomad

CWE-269 — Improper Privilege Management6 documents4 sources

Severity

7.5HIGHNVD

EPSS

0.4%

top 39.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Github.com Hashicorp Nomad Hashicorp Nomad

Timeline

PublishedFeb 1

Latest updateAug 21

Description

HashiCorp Nomad and Nomad Enterprise up to 0.12.9 exec and java task drivers can access processes associated with other tasks on the same node. Fixed in 0.12.10, and 1.0.3.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDhashicorp/nomad1.0.0 — 1.0.3+1

▶Gogithub.com/hashicorp_nomad1.0.0 — 1.0.3+1

🔴Vulnerability Details

OSV

Improper Privilege Management in HashiCorp Nomad in github.com/hashicorp/nomad↗2024-08-21

▶

OSV

Improper Privilege Management in HashiCorp Nomad↗2021-06-24

▶

GHSA

Improper Privilege Management in HashiCorp Nomad↗2021-06-24

▶

OSV

CVE-2021-3283: HashiCorp Nomad and Nomad Enterprise up to 0↗2021-02-01

▶

CVEList

CVE-2021-3283: HashiCorp Nomad and Nomad Enterprise up to 0↗2021-02-01

▶