Headline
GHSA-7wg4-8m5p-hrfg: HashiCorp Nomad vulnerable to non-sensitive metadata exposure
HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 workload identity token can list non-sensitive metadata for paths under nomad/ that belong to other jobs in the same namespace. Fixed in 1.4.2.
HashiCorp Nomad vulnerable to non-sensitive metadata exposure
Moderate severity GitHub Reviewed Published Nov 10, 2022 • Updated Nov 10, 2022
Related news
CVE-2022-3866: HCSEC-2022-25 - Nomad’s Workload Identity Token Can List Non-sensitive Metadata For nomad/ Paths
HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 workload identity token can list non-sensitive metadata for paths under nomad/ that belong to other jobs in the same namespace. Fixed in 1.4.2.