Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2021-43415

Опубликовано: 03 дек. 2021
Источник: debian

Описание

HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0, with the QEMU task driver enabled, allowed authenticated users with job submission capabilities to bypass the configured allowed image paths. Fixed in 1.0.14, 1.1.8, and 1.2.1.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
nomadremovedpackage

Примечания

  • https://discuss.hashicorp.com/t/hcsec-2021-31-nomad-qemu-task-driver-allowed-paths-bypass-with-job-args/32288

  • https://github.com/hashicorp/nomad/issues/11542

  • https://github.com/hashicorp/nomad/pull/11554

  • https://github.com/hashicorp/nomad/commit/40de248b940eb7babbd4a08ebe9d6874758f5285 (v1.2.1)

Связанные уязвимости

ubuntu логотип

CVE-2021-43415

CVSS3: 8.8
ubuntu
около 4 лет назад

HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0, with the QEMU task driver enabled, allowed authenticated users with job submission capabilities to bypass the configured allowed image paths. Fixed in 1.0.14, 1.1.8, and 1.2.1.

redhat логотип

CVE-2021-43415

CVSS3: 8.8
redhat
около 4 лет назад

HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0, with the QEMU task driver enabled, allowed authenticated users with job submission capabilities to bypass the configured allowed image paths. Fixed in 1.0.14, 1.1.8, and 1.2.1.

nvd логотип

CVE-2021-43415

CVSS3: 8.8
nvd
около 4 лет назад

HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0, with the QEMU task driver enabled, allowed authenticated users with job submission capabilities to bypass the configured allowed image paths. Fixed in 1.0.14, 1.1.8, and 1.2.1.

github логотип

GHSA-2jhh-5xm2-j4gf

CVSS3: 8.8
github
около 4 лет назад

Improper Authentication in HashiCorp Nomad