CVE-2021-37218 — Improper Certificate Validation in Hashicorp Nomad

CWE-295 — Improper Certificate Validation7 documents5 sources

Severity

8.8HIGHNVD

EPSS

0.2%

top 62.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Github.com Hashicorp Nomad Hashicorp Nomad

Timeline

PublishedSep 7

Latest updateAug 21

Description

HashiCorp Nomad and Nomad Enterprise Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege escalation. Fixed in 1.0.10 and 1.1.4.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶NVDhashicorp/nomad1.1.1 — 1.1.4+2

▶Gogithub.com/hashicorp_nomad1.1.0 — 1.1.4+1

🔴Vulnerability Details

OSV

Privilege escalation in Hashicorp Nomad in github.com/hashicorp/nomad↗2024-08-21

▶

OSV

Privilege escalation in Hashicorp Nomad↗2021-09-08

▶

GHSA

Privilege escalation in Hashicorp Nomad↗2021-09-08

▶

CVEList

CVE-2021-37218: HashiCorp Nomad and Nomad Enterprise Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only func↗2021-09-07

▶

OSV

CVE-2021-37218: HashiCorp Nomad and Nomad Enterprise Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only func↗2021-09-07

▶

📋Vendor Advisories

Red Hat

nomad: Raft RPC privilege escalation↗2021-09-01

▶