CVE-2021-41865
Published 2021-10-07
Priority: P428 · medium · 6.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.97% (57.3th percentile)
HashiCorp Nomad and Nomad Enterprise 1.1.1 through 1.1.5 allowed authenticated users with job submission capabilities to cause denial of service by submitting incomplete job specifications with a Consul mesh gateway and host networking mode. Fixed in 1.1.6.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hashicorp | nomad | >= 1.1.1 < 1.1.6 | 1.1.6 |
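CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:N/A:P |
| osv | | 6.5 | MEDIUM | |
| vendor_redhat | | 6.5 | MEDIUM | |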
Red Hat
nomad: Denial of service by submitting incomplete job specifications
vendor_redhat · 2021-10-07 · CVSS 6.5 · CVE-2021-41865 [MEDIUM] · CWE-400
Package: mcg (Red Hat Openshift Container Storage 4) - Not affected
Package: ocs4/cephcsi-rhel8 (Red Hat Openshift Container Storage 4) - Not affected
Package: ocs4/mcg-rhel8-operator (Red Hat Openshift Container Storage 4) - Not affected
Package: ocs4/ocs-must-gather-rhel8 (Red Hat Openshift Container Storage 4) - Not affected
Package: ocs4/ocs-rhel8-operator (Red Hat Openshift Container Storage 4) - Not affected
Package: ocs4/rook-ceph-rhel8-operator (Red Hat
GHSA
GHSA-g2jw-2jr4-qjj5: HashiCorp Nomad and Nomad Enterprise 1
ghsa_unreviewed · 2022-05-24 · CVE-2021-41865 [MEDIUM]
OSV
CVE-2021-41865: HashiCorp Nomad and Nomad Enterprise 1
osv · 2021-10-07 · CVSS 6.5 · MEDIUM
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://discuss.hashicorp.com/t/hcsec-2021-26-nomad-denial-of-service-via-submission-of-incomplete-job-specification-using-consul-mesh-gateway-host-network/30311
Published: 2021-10-07