CVE-2025-1296
Published 2025-03-10
Priority: P336
Severity: medium, 6.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.45% (35.8th percentile)
Nomad Community and Nomad Enterprise (“Nomad”) are vulnerable to unintentional exposure of the workload identity token and client secret token in audit logs. This vulnerability, identified as CVE-2025-1296, is fixed in Nomad Community Edition 1.9.7 and Nomad Enterprise 1.9.7, 1.8.11, and 1.7.19.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | hashicorp_nomad | >= 0 < 1.9.7 | 1.9.7 |
| github.com | hashicorp_nomad | 0 – 1.9.6 | — |
| hashicorp | nomad | >= 1.0.0 < 1.7.19 | 1.7.19 |
| hashicorp | nomad | >= 1.0.0 < 1.9.7 | 1.9.7 |
| hashicorp | nomad | >= 1.8.0 < 1.8.11 | 1.8.11 |
| hashicorp | nomad | >= 1.9.0 < 1.9.7 | 1.9.7 |
| hashicorp | nomad_enterprise | >= 1.0.0 < 1.9.7 | 1.9.7 |
CVSS provenance
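| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| ghsa | — | 6.5 | MEDIUM | — |
| osv | — | 6.5 | MEDIUM | — |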
OSV
Unintentional exposure of the workload identity token and client secret in logs in github.com/hashicorp/nomad
osv·2025-03-13
OSV
Nomad is vulnerable to unintentional exposure of the workload identity token and client secret token in audit logs
osv·2025-03-10·CVSS 6.5
OSV
CVE-2025-1296: Nomad Community and Nomad Enterprise (“Nomad”) are vulnerable to unintentional exposure of the workload identity token and client secret token in audi
osv·2025-03-10·CVSS 6.5
GHSA
Nomad is vulnerable to unintentional exposure of the workload identity token and client secret token in audit logs
ghsa·2025-03-10·CVSS 6.5 [MEDIUM]·CWE-532
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.