CVE-2023-1299
published 2023-03-14CVE-2023-1299: HashiCorp Nomad and Nomad Enterprise 1.5.0 allow a job submitter to escalate to management-level privileges using workload identity and task API. Fixed in…
PriorityP350high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
0.53%
40.8th percentile
HashiCorp Nomad and Nomad Enterprise 1.5.0 allow a job submitter to escalate to management-level privileges using workload identity and task API. Fixed in 1.5.1.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | hashicorp_nomad | >= 1.5.0 < 1.5.1 | 1.5.1 |
| hashicorp | nomad | — | — |
| hashicorp | nomad_enterprise | — | — |
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
ghsa8.8HIGH
osv8.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
Nomad Job Submitter Privilege Escalation Using Workload Identity in github.com/hashicorp/nomad
osv·2024-08-20
CVE-2023-1299 Nomad Job Submitter Privilege Escalation Using Workload Identity in github.com/hashicorp/nomad
Nomad Job Submitter Privilege Escalation Using Workload Identity in github.com/hashicorp/nomad
Nomad Job Submitter Privilege Escalation Using Workload Identity in github.com/hashicorp/nomad
OSV
CVE-2023-1299: HashiCorp Nomad and Nomad Enterprise 1
osv·2023-03-14·CVSS 8.8
CVE-2023-1299 [HIGH] CVE-2023-1299: HashiCorp Nomad and Nomad Enterprise 1
HashiCorp Nomad and Nomad Enterprise 1.5.0 allow a job submitter to escalate to management-level privileges using workload identity and task API. Fixed in 1.5.1.
GHSA
Nomad Job Submitter Privilege Escalation Using Workload Identity
ghsa·2023-03-14·CVSS 8.8
CVE-2023-1299 [HIGH] Nomad Job Submitter Privilege Escalation Using Workload Identity
Nomad Job Submitter Privilege Escalation Using Workload Identity
### Summary
A vulnerability was identified in Nomad and Nomad Enterprise (“Nomad”) such that a user with the submit-job ACL capability can submit a job that can escalate to management-level privileges. This vulnerability, CVE-2023-1299, was introduced in Nomad 1.5.0 and fixed in Nomad 1.5.1.
### Background
Nomad 1.4.0 introduced the concept of workload identity so that tasks can access variables without needing to access them through Nomad HTTP API with an ACL token.
In 1.5.0, the identity block was introduced, which exposes the workload identity token to the workload so it can access Nomad HTTP API via a unix domain socket without configuring mTLS.
### Details
During internal testing, we discovered it was possible to abu
OSV
Nomad Job Submitter Privilege Escalation Using Workload Identity
osv·2023-03-14·CVSS 8.8
CVE-2023-1299 [HIGH] Nomad Job Submitter Privilege Escalation Using Workload Identity
Nomad Job Submitter Privilege Escalation Using Workload Identity
### Summary
A vulnerability was identified in Nomad and Nomad Enterprise (“Nomad”) such that a user with the submit-job ACL capability can submit a job that can escalate to management-level privileges. This vulnerability, CVE-2023-1299, was introduced in Nomad 1.5.0 and fixed in Nomad 1.5.1.
### Background
Nomad 1.4.0 introduced the concept of workload identity so that tasks can access variables without needing to access them through Nomad HTTP API with an ACL token.
In 1.5.0, the identity block was introduced, which exposes the workload identity token to the workload so it can access Nomad HTTP API via a unix domain socket without configuring mTLS.
### Details
During internal testing, we discovered it was possible to abu
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2023-03-14
Published