Headline

GHSA-f8r8-h93m-mj77: HashiCorp Nomad vulnerable to unauthenticated client agent HTTP request privilege escalation

HashiCorp Nomad and Nomad Enterprise versions 1.5.0 up to 1.5.2 allow unauthenticated users to bypass intended ACL authorizations for clusters where mTLS is not enabled. This issue is fixed in version 1.5.3.

1 year ago

ghsa

Open in Source

#git #auth #ssl

HashiCorp Nomad vulnerable to unauthenticated client agent HTTP request privilege escalation

High severity GitHub Reviewed Published Apr 5, 2023 to the GitHub Advisory Database • Updated Apr 6, 2023

1 year ago

CVE

Open in Source

#auth #ssl

ghsa: Latest News

GHSA-6gf2-ffq8-gcww: GHSL-2024-288: SickChill open redirect in login

10 hours ago

ghsa

GHSA-j3f9-p6hm-5w6q: Carbon has an arbitrary file include via unvalidated input passed to Carbon::setLocale

11 hours ago

ghsa

GHSA-cjgq-5qmw-rcj6: keras Path Traversal vulnerability

14 hours ago

ghsa

GHSA-j4jw-m6xr-fv6c: Soft Serve vulnerable to path traversal attacks

17 hours ago

ghsa

GHSA-mjf9-4pcv-vfg7: Apache OpenMeetings vulnerable to Deserialization of Untrusted Data

23 hours ago

ghsa

Headline

GHSA-f8r8-h93m-mj77: HashiCorp Nomad vulnerable to unauthenticated client agent HTTP request privilege escalation

Related news

ghsa: Latest News