CVE-2023-3072
published 2023-07-20
CVE-2023-3072: In HashiCorp Nomad and Nomad Enterprise 0.7.0 up to 1.5.6 and 1.4.10, ACL policies using a block without a label generate unexpected results. Fixed in 1.6.0…
Priority P4 · 14 · low · 3.8 (CVSS 3.1)
AV:N / AC:L / PR:H / UI:N / S:U / C:L / I:L / A:N
EPSS: 0.36% (28.3th percentile)
In HashiCorp Nomad and Nomad Enterprise 0.7.0 up to 1.5.6 and 1.4.10, ACL policies using a block without a label generate unexpected results. Fixed in 1.6.0, 1.5.7, and 1.4.11.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | hashicorp_nomad | >= 0.7.0 < 1.4.11 | 1.4.11 |
| github.com | hashicorp_nomad | >= 1.5.0 < 1.5.6 | 1.5.6 |
| hashicorp | nomad | 0.7.0 – 1.4.10 | — |
| hashicorp | nomad | 1.5.0 – 1.5.6 | — |
| hashicorp | nomad_enterprise | 0.7.0 – 1.4.10 | — |
CVSS provenance
nvd · v3.1 · 3.8 LOW · CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
ghsa · 3.8 LOW
osv · 3.8 LOW
OSV
ACL security vulnerability in github.com/hashicorp/nomad
osv·2024-04-04
CVE-2023-3072 ACL security vulnerability in github.com/hashicorp/nomad
An ACL policy using a block without a label can be applied to unexpected resources in Nomad, a distributed, highly available scheduler designed for effortless operations and management of applications.
GHSA
Nomad ACL Policies without Label are Applied to Unexpected Resources
ghsa·2023-07-20·CVSS 3.8
CVE-2023-3072 [LOW] CWE-266 Nomad ACL Policies without Label are Applied to Unexpected Resources
A vulnerability was identified in Nomad: an ACL policy using a block without a label may be applied to unexpected resources. This vulnerability, CVE-2023-3072, affects Nomad from 0.7 up to 1.5.6 and 1.4.10 and was fixed in 1.6.0, 1.5.7, and 1.4.11.
OSV
CVE-2023-3072: HashiCorp Nomad and Nomad Enterprise 0
osv·2023-07-20·CVSS 3.8
CVE-2023-3072 [LOW] CVE-2023-3072: HashiCorp Nomad and Nomad Enterprise 0
In HashiCorp Nomad and Nomad Enterprise 0.7.0 up to 1.5.6 and 1.4.10, ACL policies using a block without a label generate unexpected results. Fixed in 1.6.0, 1.5.7, and 1.4.11.
OSV
Nomad ACL Policies without Label are Applied to Unexpected Resources
osv·2023-07-20·CVSS 3.8
CVE-2023-3072 [LOW] Nomad ACL Policies without Label are Applied to Unexpected Resources
A vulnerability was identified in Nomad: an ACL policy using a block without a label may be applied to unexpected resources. This vulnerability, CVE-2023-3072, affects Nomad from 0.7 up to 1.5.6 and 1.4.10 and was fixed in 1.6.0, 1.5.7, and 1.4.11.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2023-07-20