CVE-2023-0821
Published 2023-02-16
CVE-2023-0821: HashiCorp Nomad and Nomad Enterprise 1.2.15 up to 1.3.8, and 1.4.3 jobs using a maliciously compressed artifact stanza source can cause excessive disk usage…
Priority P4 · 30 · medium · 6.5 (CVSS 3.1)
CVSS vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.80% (51.8th percentile)
HashiCorp Nomad and Nomad Enterprise 1.2.15 up to 1.3.8, and 1.4.3 jobs using a maliciously compressed artifact stanza source can cause excessive disk usage. Fixed in 1.2.16, 1.3.9, and 1.4.4.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | hashicorp_nomad | >= 1.2.15 < 1.2.16 | 1.2.16 |
| github.com | hashicorp_nomad | >= 1.3.0 < 1.3.9 | 1.3.9 |
| github.com | hashicorp_nomad | >= 1.4.0 < 1.4.4 | 1.4.4 |
| hashicorp | nomad | < 1.2.15 | 1.2.15 |
| hashicorp | nomad | <= 1.2.15 | — |
| hashicorp | nomad | >= 1.3.0 < 1.3.9 | 1.3.9 |
| hashicorp | nomad | >= 1.4.0 < 1.4.4 | 1.4.4 |
| hashicorp | nomad_enterprise | <= 1.2.15 | — |
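CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| osv | — | 6.5 | MEDIUM | — |
| vendor_redhat | — | 6.5 | MEDIUM | — |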
OSV
Uncontrolled Resource Consumption in Hashicorp Nomad in github.com/hashicorp/nomad
osv·2024-08-20
CVE-2023-0821 Uncontrolled Resource Consumption in Hashicorp Nomad in github.com/hashicorp/nomad
OSV
Uncontrolled Resource Consumption in Hashicorp Nomad
osv·2023-02-17
CVE-2023-0821 [MEDIUM] Uncontrolled Resource Consumption in Hashicorp Nomad
HashiCorp Nomad and Nomad Enterprise 1.2.15 up to 1.3.8, and 1.4.3 jobs using a maliciously compressed artifact stanza source can cause excessive disk usage. Fixed in 1.2.16, 1.3.9, and 1.4.4.
GHSA
Uncontrolled Resource Consumption in Hashicorp Nomad
ghsa·2023-02-17
CVE-2023-0821 [MEDIUM] CWE-400 Uncontrolled Resource Consumption in Hashicorp Nomad
HashiCorp Nomad and Nomad Enterprise 1.2.15 up to 1.3.8, and 1.4.3 jobs using a maliciously compressed artifact stanza source can cause excessive disk usage. Fixed in 1.2.16, 1.3.9, and 1.4.4.
OSV
CVE-2023-0821: HashiCorp Nomad and Nomad Enterprise 1
osv·2023-02-16·CVSS 6.5
CVE-2023-0821 [MEDIUM] CVE-2023-0821: HashiCorp Nomad and Nomad Enterprise 1
HashiCorp Nomad and Nomad Enterprise 1.2.15 up to 1.3.8, and 1.4.3 jobs using a maliciously compressed artifact stanza source can cause excessive disk usage. Fixed in 1.2.16, 1.3.9, and 1.4.4.
Red Hat
hashicorp/nomad: Nomad Client Vulnerable to Decompression Bombs in Artifact Block
vendor_redhat·2023-02-17·CVSS 6.5
CVE-2023-0821 [MEDIUM] CWE-409 hashicorp/nomad: Nomad Client Vulnerable to Decompression Bombs in Artifact Block
HashiCorp Nomad and Nomad Enterprise 1.2.15 up to 1.3.8, and 1.4.3 jobs using a maliciously compressed artifact stanza source can cause excessive disk usage. Fixed in 1.2.16, 1.3.9, and 1.4.4.
A flaw was found in the HashiCorp Nomad package. A job submitted with a maliciously compressed source (for example, “Zip Bomb”) in an artifact stanza can cause excessive disk resource consumption, crashing a Nomad client agent.
Package: openshift-logging/logging-loki-rhel8 (Logging Subsystem for Red Hat OpenShift) - Not affected
Package: openshift-logging/lokistack-gateway-rhel8 (Logging Subsystem for Red Hat OpenShift) - Not affected
Package: rhacm2/thanos-rhel7 (Red Hat Advanced Cluster Management for Kubernetes
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.