CVE-2023-1296
published 2023-03-14

CVE-2023-1296: HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.5.0 did not correctly enforce deny policies applied to a workload’s variables. Fixed in 1.4.6 and 1.5.1.

Priority: P4 23
Severity: medium, 5.3 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS: 0.54% (41.3th percentile)

Affected

6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | hashicorp_nomad | >= 1.4.0 < 1.4.6 | 1.4.6 |
| github.com | hashicorp_nomad | >= 1.5.0 < 1.5.1 | 1.5.1 |
| hashicorp | nomad | | |
| hashicorp | nomad | >= 1.4.0 < 1.4.6 | 1.4.6 |
| hashicorp | nomad_enterprise | | |
| hashicorp | nomad_enterprise | >= 1.4.0 < 1.4.6 | 1.4.6 |

CVSS provenance

nvd: v3.1, 5.3 MEDIUM, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
ghsa: 5.3 MEDIUM
osv: 5.3 MEDIUM
vendor_redhat: 5.5 MEDIUM