HashiCorp Nomad and Nomad Enterprise 1.5.0 allow a job submitter to escalate to management-level privileges using workload identity and task API. Fixed in 1.5.1.
References
Link | Resource |
---|---|
https://discuss.hashicorp.com/t/hcsec-2023-08-nomad-job-submitter-privilege-escalation-using-workload-identity/51389 | Issue Tracking Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
17 Mar 2023, 03:58
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:hashicorp:nomad:1.5.0:*:*:*:-:*:*:* cpe:2.3:a:hashicorp:nomad:1.5.0:*:*:*:enterprise:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
First Time |
Hashicorp
Hashicorp nomad |
|
References | (MISC) https://discuss.hashicorp.com/t/hcsec-2023-08-nomad-job-submitter-privilege-escalation-using-workload-identity/51389 - Issue Tracking, Vendor Advisory | |
CWE | NVD-CWE-noinfo |
14 Mar 2023, 15:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-03-14 15:15
Updated : 2023-12-10 14:48
NVD link : CVE-2023-1299
Mitre link : CVE-2023-1299
CVE.ORG link : CVE-2023-1299
JSON object : View
Products Affected
hashicorp
- nomad
CWE