github.com/hashicorp/nomad vulnerabilities

32 known vulnerabilities affecting the Go module github.com/hashicorp/nomad (HashiCorp Nomad and Nomad Enterprise).

Total CVEs: 32
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 13, MEDIUM 13, LOW 3

Vulnerabilities

Page 2 of 2
CVE-2022-24683 | HIGH | ≥ 0.9.2, < 1.0.18; ≥ 1.1.0, < 1.1.12; +1 more | 2022-02-18
CVE-2022-24683 [HIGH] CWE-22 Arbitrary file reads in HashiCorp Nomad. Nomad is an easy-to-use, flexible, and performant workload orchestrator that can deploy a mix of microservice, batch, containerized, and non-containerized applications. HashiCorp Nomad and Nomad Enterprise 0.9.2 through 1.0.17, 1.1.11, and 1.2.5 allow operators with read-fs and alloc-exec (or job-submit) capabilities to read arbitrary files on the host filesystem as root. There are curre
Sources: GHSA, OSV
CVE-2022-24684 | MEDIUM | CVSS 6.5 | ≥ 0.9.0, < 1.0.18; ≥ 1.1.0, < 1.1.12; +1 more | 2022-02-16
CVE-2022-24684 [MEDIUM] CWE-400 Nomad spread job stanza may trigger panic in servers. Nomad and Nomad Enterprise allow operators with job-submit capabilities to use the spread stanza in a way that causes a panic in Nomad servers. This vulnerability, CVE-2022-24684, was fixed in Nomad 1.0.18, 1.1.12, and 1.2.6.
Sources: GHSA, OSV
CVE-2020-27195 | CRITICAL | ≥ 0.9.0, < 0.10.6; ≥ 0.11.0, < 0.11.5; +1 more | 2022-02-15
CVE-2020-27195 [CRITICAL] CWE-416 Use After Free in HashiCorp Nomad. The HashiCorp Nomad and Nomad Enterprise 0.9.0 up to 0.12.5 client file sandbox feature can be subverted using either the template or artifact stanzas. Fixed in 0.12.6, 0.11.5, and 0.10.6.
Sources: GHSA, OSV
CVE-2020-28348 | MEDIUM | ≥ 0.9.0, < 0.10.8; ≥ 0.11.0-beta1, < 0.11.7; +1 more | 2022-02-15
CVE-2020-28348 [MEDIUM] CWE-22 Path Traversal in HashiCorp Nomad. The HashiCorp Nomad and Nomad Enterprise 0.9.0 up to 0.12.7 client Docker file sandbox feature (github.com/hashicorp/nomad/drivers/docker) may be subverted when not explicitly disabled or when using a volume mount type. Fixed in 0.12.8, 0.11.7, and 0.10.8.
Sources: GHSA, OSV
CVE-2019-14802 | MEDIUM | ≥ 0, < 0.9.5 | 2022-02-15
CVE-2019-14802 [MEDIUM] CWE-200 HashiCorp Nomad information exposure through environment variables. In Nomad before version 0.9.5, when rendering a task template, all environment variables of the client agent were available to the rendering task. As a fix, only the task's own environment variables are used.
Sources: GHSA, OSV
CVE-2022-24686 | MEDIUM | ≥ 0.3.0, < 1.0.18; ≥ 1.1.0, < 1.1.12; +1 more | 2022-02-15
CVE-2022-24686 [MEDIUM] CWE-362 HashiCorp Nomad artifact download race condition. The HashiCorp Nomad and Nomad Enterprise 0.3.0 through 1.0.17, 1.1.11, and 1.2.5 artifact download functionality has a race condition such that the Nomad client agent could download the wrong artifact into the wrong destination. This issue is fixed in 1.0.18, 1.1.12, and 1.2.6.
Sources: GHSA, OSV
CVE-2021-43415 | HIGH | ≥ 0, < 1.0.14; ≥ 1.1.0, < 1.1.8; +1 more | 2021-12-10
CVE-2021-43415 [HIGH] CWE-287 Improper Authentication in HashiCorp Nomad. HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0, with the QEMU task driver enabled, allowed authenticated users with job submission capabilities to bypass the configured allowed image paths. Fixed in 1.0.14, 1.1.8, and 1.2.1.
Sources: GHSA, OSV
CVE-2021-37218 | HIGH | ≥ 0, < 1.0.10; ≥ 1.1.0, < 1.1.4 | 2021-09-08
CVE-2021-37218 [HIGH] CWE-295 Privilege escalation in HashiCorp Nomad. The HashiCorp Nomad and Nomad Enterprise Raft RPC layer allows non-server agents holding a valid certificate signed by the same CA to access server-only functionality, enabling privilege escalation. Fixed in 1.0.10 and 1.1.4.
Sources: GHSA, OSV
CVE-2021-3283 | HIGH | ≥ 1.0.0, < 1.0.3; ≥ 0, < 0.12.10 | 2021-06-24
CVE-2021-3283 [HIGH] CWE-269 Improper Privilege Management in HashiCorp Nomad. In HashiCorp Nomad and Nomad Enterprise up to 0.12.9, the exec and java task drivers can access processes associated with other tasks on the same node. Fixed in 0.12.10 and 1.0.3.
Sources: GHSA, OSV
CVE-2021-32575 | MEDIUM | ≥ 1.0.0, < 1.0.5; ≥ 0, < 0.12.12 | 2021-06-24
CVE-2021-32575 [MEDIUM] CWE-1100 Improper network isolation in HashiCorp Nomad. In HashiCorp Nomad and Nomad Enterprise up to version 1.0.4, bridge networking mode allows ARP spoofing from other bridged tasks on the same node. Fixed in 0.12.12, 1.0.5, and 1.1.0 RC1.
Sources: GHSA, OSV
CVE-2020-7218 | HIGH | ≥ 0, < 0.10.3 | 2021-05-18
CVE-2020-7218 [HIGH] CWE-400 Allocation of Resources Without Limits or Throttling in HashiCorp Nomad. HashiCorp Nomad and Nomad Enterprise before 0.10.3 allow unbounded resource usage. Specific Go package affected: github.com/hashicorp/nomad/command/agent.
Sources: GHSA, OSV
CVE-2020-7956 | HIGH | ≥ 0, < 0.10.3 | 2021-05-18
CVE-2020-7956 [HIGH] CWE-295 Improper Certificate Validation in HashiCorp Nomad. HashiCorp Nomad and Nomad Enterprise up to 0.10.2 incorrectly validated the role/region associated with TLS certificates used for mTLS RPC and were susceptible to privilege escalation. Fixed in 0.10.3.
Sources: GHSA, OSV
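The affected-version columns above are half-open intervals (≥ introduced, < fixed), and several entries carry a pre-release lower bound (0.11.0-beta1) or the bare "0" meaning "every release". The following Go program is an added example, not code from this listing or from the Nomad project: it encodes the twelve entries on this page as such intervals and reports which of them cover a given Nomad build, with semver-style pre-release ordering so that 0.11.0-beta1 sorts below 0.11.0. The third range behind each "+1 more" is not printed on the page; it is reconstructed here from the advisory sentence ("1.2.5 ... fixed in 1.2.6") and assumed to start at the .0 release of that minor series, which is this example's assumption.

```go
package main

import (
	"fmt"
	"sort"
	"strconv"
	"strings"
)

// Version is a parsed Nomad release. Pre is the pre-release tag ("beta1"); it is
// empty for a final release, which sorts after every pre-release of the same numbers.
type Version struct {
	Num [3]int // major, minor, patch
	Pre string
}

// ParseVersion accepts "1.0.18", "v0.11.0-beta1" and the bare "0" the listing uses
// for "every version"; missing components are read as 0.
func ParseVersion(s string) (Version, error) {
	core, pre, _ := strings.Cut(strings.TrimPrefix(strings.TrimSpace(s), "v"), "-")
	v := Version{Pre: pre}
	for i, p := range strings.Split(core, ".") {
		x, err := strconv.Atoi(p)
		if i > 2 || err != nil || x < 0 {
			return Version{}, fmt.Errorf("bad Nomad version %q", s)
		}
		v.Num[i] = x
	}
	return v, nil
}

// Compare returns -1, 0 or 1 as v sorts below, equal to or above o.
func (v Version) Compare(o Version) int {
	for i := range v.Num {
		if v.Num[i] != o.Num[i] {
			if v.Num[i] < o.Num[i] {
				return -1
			}
			return 1
		}
	}
	switch {
	case v.Pre == o.Pre:
		return 0
	case v.Pre == "" || (o.Pre != "" && v.Pre > o.Pre):
		return 1
	}
	return -1
}

// Range is the half-open interval [Introduced, Fixed) the listing prints as
// "≥ a, < b". A malformed bound counts as "not affected", never as a wildcard.
type Range struct{ Introduced, Fixed string }

func (r Range) Contains(v Version) bool {
	lo, err1 := ParseVersion(r.Introduced)
	hi, err2 := ParseVersion(r.Fixed)
	return err1 == nil && err2 == nil && v.Compare(lo) >= 0 && v.Compare(hi) < 0
}

// Advisories holds the ranges printed on this page. The third range of each
// "+1 more" entry is reconstructed from the advisory text; its .0 start point is
// this example's assumption, not data from the page.
var Advisories = map[string][]Range{
	"CVE-2022-24683": {{"0.9.2", "1.0.18"}, {"1.1.0", "1.1.12"}, {"1.2.0", "1.2.6"}},
	"CVE-2022-24684": {{"0.9.0", "1.0.18"}, {"1.1.0", "1.1.12"}, {"1.2.0", "1.2.6"}},
	"CVE-2020-27195": {{"0.9.0", "0.10.6"}, {"0.11.0", "0.11.5"}, {"0.12.0", "0.12.6"}},
	"CVE-2020-28348": {{"0.9.0", "0.10.8"}, {"0.11.0-beta1", "0.11.7"}, {"0.12.0", "0.12.8"}},
	"CVE-2019-14802": {{"0", "0.9.5"}},
	"CVE-2022-24686": {{"0.3.0", "1.0.18"}, {"1.1.0", "1.1.12"}, {"1.2.0", "1.2.6"}},
	"CVE-2021-43415": {{"0", "1.0.14"}, {"1.1.0", "1.1.8"}, {"1.2.0", "1.2.1"}},
	"CVE-2021-37218": {{"0", "1.0.10"}, {"1.1.0", "1.1.4"}},
	"CVE-2021-3283":  {{"0", "0.12.10"}, {"1.0.0", "1.0.3"}},
	"CVE-2021-32575": {{"0", "0.12.12"}, {"1.0.0", "1.0.5"}},
	"CVE-2020-7218":  {{"0", "0.10.3"}},
	"CVE-2020-7956":  {{"0", "0.10.3"}},
}

// Affecting returns, sorted, the IDs of the listed CVEs whose ranges contain version.
func Affecting(version string) ([]string, error) {
	v, err := ParseVersion(version)
	if err != nil {
		return nil, err
	}
	var hits []string
	for id, ranges := range Advisories {
		for _, r := range ranges {
			if r.Contains(v) {
				hits = append(hits, id)
				break
			}
		}
	}
	sort.Strings(hits)
	return hits, nil
}

func main() {
	hits, err := Affecting("0.11.0-beta1") // pre-release: CVE-2020-27195 (≥ 0.11.0) is not reported
	fmt.Println(hits, err)
}
```

Two caveats when using this as a check. It covers only the twelve CVEs on this page (page 2 of 2), so a clean result says nothing about the other 20 entries. And a version match is not a confirmation of exposure: CVE-2021-43415 needs the QEMU task driver enabled, CVE-2020-28348 depends on the Docker driver's volume settings, and CVE-2021-37218 and CVE-2020-7956 need an attacker holding a certificate from the cluster CA, so read the matching advisory before treating a hit as actionable.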