Github.Com Hashicorp Nomad vulnerabilities

CVE-2025-4922 [HIGH] CWE-266 Hashicorp Nomad Incorrect Privilege Assignment vulnerability Hashicorp Nomad Incorrect Privilege Assignment vulnerability Nomad Community and Nomad Enterprise (“Nomad”) prefix-based ACL policy lookup can lead to incorrect rule application and shadowing. This vulnerability, identified as CVE-2025-4922, is fixed in Nomad Community Edition 1.10.2 and Nomad Enterprise 1.10.2, 1.9.10, and 1.8.14.

CVE-2025-1296 [MEDIUM] CWE-532 Nomad is vulnerable to unintentional exposure of the workload identity token and client secret token in audit logs Nomad is vulnerable to unintentional exposure of the workload identity token and client secret token in audit logs Nomad Community and Nomad Enterprise (“Nomad”) are vulnerable to unintentional exposure of the workload identity token and client secret token in audit logs. This vulnerability, identified as CVE-2025-1296, is fixed in Nomad Community Edi

CVE-2024-12678 [MEDIUM] CWE-266 Hashicorp Nomad Incorrect Privilege Assignment vulnerability Hashicorp Nomad Incorrect Privilege Assignment vulnerability Nomad Community and Nomad Enterprise ("Nomad") allocations are vulnerable to privilege escalation within a namespace through unredacted workload identity tokens. This vulnerability, identified as CVE-2024-12678, is fixed in Nomad Community Edition 1.9.4 and Nomad Enterprise 1.9.4, 1.8.8, and 1.7.16.

CVE-2024-10975 [HIGH] CWE-863 Hashicorp Nomad Incorrect Authorization vulnerability Hashicorp Nomad Incorrect Authorization vulnerability Nomad Community and Nomad Enterprise ("Nomad") volume specification is vulnerable to arbitrary cross-namespace volume creation through unauthorized Container Storage Interface (CSI) volume writes. This vulnerability, identified as CVE-2024-10975, is fixed in Nomad Community Edition 1.9.2 and Nomad Enterprise 1.9.2, 1.8.7, and 1.7.15.

CVE-2024-7625 [MEDIUM] CWE-610 Nomad Vulnerable to Allocation Directory Escape On Non-Existing File Paths Through Archive Unpacking Nomad Vulnerable to Allocation Directory Escape On Non-Existing File Paths Through Archive Unpacking In HashiCorp Nomad and Nomad Enterprise from 0.6.1 up to 1.6.13, 1.7.10, and 1.8.2, the archive unpacking process is vulnerable to writes outside the allocation directory during migration of allocation directories when multiple archive headers target the same file.

CVE-2024-6717 [HIGH] CWE-610 HashiCorp Nomad is vulnerable to path escape through archive unpacking during migration HashiCorp Nomad is vulnerable to path escape through archive unpacking during migration HashiCorp Nomad and Nomad Enterprise 1.6.12 up to 1.7.9, and 1.8.1 archive unpacking during migration is vulnerable to path escaping of the allocation directory. This vulnerability, CVE-2024-6717, is fixed in Nomad 1.6.13, 1.7.10, and 1.8.2.

CVE-2024-1329 [HIGH] CWE-59 HashiCorp Nomad vulnerable to symlink attacks HashiCorp Nomad vulnerable to symlink attacks HashiCorp Nomad and Nomad Enterprise 1.5.13 up to 1.6.6, and 1.7.3 template renderer is vulnerable to arbitrary file write on the host as the Nomad client user through symlink attacks. Fixed in Nomad 1.7.4, 1.6.7, 1.5.14.

CVE-2023-3300 [MEDIUM] CWE-266 Nomad Search API Leaks Information About CSI Plugins Nomad Search API Leaks Information About CSI Plugins A vulnerability was identified in Nomad such that the search HTTP API can reveal names of available CSI plugins to unauthenticated users or users without the plugin:read policy. This vulnerability, CVE-2023-3300, affects Nomad since 0.11 and was fixed in 1.6.0, 1.5.7, and 1.4.11.

CVE-2023-3072 [LOW] CWE-266 Nomad ACL Policies without Label are Applied to Unexpected Resources Nomad ACL Policies without Label are Applied to Unexpected Resources A vulnerability was identified in Nomad, an ACL policy using a block without label may be applied to unexpected resources. This vulnerability, CVE-2023-3072, affects Nomad from 0.7 up to 1.5.6 and 1.4.10 and was fixed in 1.6.0, 1.5.7, and 1.4.11.

CVE-2023-3299 [LOW] CWE-201 Nomad Caller ACL Token’s Secret ID is Exposed to Sentinel Nomad Caller ACL Token’s Secret ID is Exposed to Sentinel A vulnerability was identified in Nomad such that the API caller’s ACL token secret ID is exposed to Sentinel policies. This vulnerability, CVE-2023-3299, affects Nomad from 1.2.11 up to 1.5.6, and 1.4.10 and was fixed in 1.6.0, 1.5.7, and 1.4.11.

CVE-2023-1296 [MEDIUM] Hashicorp Nomad ACLs Cannot Deny Access to Workload’s Own Variables Hashicorp Nomad ACLs Cannot Deny Access to Workload’s Own Variables A vulnerability was identified in Nomad and Nomad Enterprise (“Nomad”) such that a deny ACL capability could not be applied to a workload’s own variables. If included, the Nomad ACL system will silently fail to block access. This vulnerability, CVE-2023-1296, was fixed in Nomad 1.4.6 and 1.5.1.

CVE-2023-1782 [HIGH] CWE-285 HashiCorp Nomad vulnerable to unauthenticated client agent HTTP request privilege escalation HashiCorp Nomad vulnerable to unauthenticated client agent HTTP request privilege escalation HashiCorp Nomad and Nomad Enterprise versions 1.5.0 up to 1.5.2 allow unauthenticated users to bypass intended ACL authorizations for clusters where mTLS is not enabled. This issue is fixed in version 1.5.3.

CVE-2023-1299 [HIGH] Nomad Job Submitter Privilege Escalation Using Workload Identity Nomad Job Submitter Privilege Escalation Using Workload Identity ### Summary A vulnerability was identified in Nomad and Nomad Enterprise (“Nomad”) such that a user with the submit-job ACL capability can submit a job that can escalate to management-level privileges. This vulnerability, CVE-2023-1299, was introduced in Nomad 1.5.0 and fixed in Nomad 1.5.1. ### Background Nomad 1.4.0 introduced the concept of w

CVE-2023-0821 [MEDIUM] CWE-400 Uncontrolled Resource Consumption in Hashicorp Nomad Uncontrolled Resource Consumption in Hashicorp Nomad HashiCorp Nomad and Nomad Enterprise 1.2.15 up to 1.3.8, and 1.4.3 jobs using a maliciously compressed artifact stanza source can cause excessive disk usage. Fixed in 1.2.16, 1.3.9, and 1.4.4.

CVE-2022-3866 [MEDIUM] CWE-668 HashiCorp Nomad vulnerable to non-sensitive metadata exposure HashiCorp Nomad vulnerable to non-sensitive metadata exposure HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 workload identity token can list non-sensitive metadata for paths under `nomad/` that belong to other jobs in the same namespace. Fixed in 1.4.2.

CVE-2022-3867 [LOW] CWE-613 HashiCorp Nomad vulnerable to Insufficient Session Expiration HashiCorp Nomad vulnerable to Insufficient Session Expiration HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 event stream subscribers using a token with TTL receive updates until token garbage is collected. Fixed in 1.4.2.

CVE-2022-41606 [MEDIUM] CWE-20 Nomad Panics On Job Submission With Bad Artifact Stanza Source URL Nomad Panics On Job Submission With Bad Artifact Stanza Source URL HashiCorp Nomad and Nomad Enterprise 1.0.2 up to 1.2.12, and 1.3.5 jobs submitted with an artifact stanza using invalid S3 or GCS URLs can be used to crash client agents. Fixed in 1.2.13, 1.3.6, and 1.4.0.

CVE-2022-30324 [CRITICAL] Privilege escalation in Hashicorp Nomad Privilege escalation in Hashicorp Nomad HashiCorp Nomad and Nomad Enterprise version 0.2.0 up to 1.3.0 were impacted by go-getter vulnerabilities enabling privilege escalation through the artifact stanza in submitted jobs onto the client agent host. Fixed in 1.1.14, 1.2.8, and 1.3.1.

CVE-2019-12618 [CRITICAL] CWE-269 Hashicorp Nomad Access Control Issues Hashicorp Nomad Access Control Issues HashiCorp Nomad 0.9.0 through 0.9.1 has Incorrect Access Control via the exec driver.

CVE-2022-24685 [HIGH] CWE-770 HashiCorp Nomad vulnerable to Allocation of Resources Without Limits or Throttling HashiCorp Nomad vulnerable to Allocation of Resources Without Limits or Throttling HashiCorp Nomad and Nomad Enterprise 1.x before 1.0.17, 1.1.x before 1.1.12, and 1.2.x before 1.2.6 is vulnerable to Allocation of Resources Without Limits or Throttling.