CVE-2022-3866

Опубликовано: 10 нояб. 2022

Источник: debian

EPSS Низкий

Описание

HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 workload identity token can list non-sensitive metadata for paths under nomad/ that belong to other jobs in the same namespace. Fixed in 1.4.2.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
nomad	not-affected			package

Примечания

https://discuss.hashicorp.com/t/hcsec-2022-25-nomad-s-workload-identity-token-can-list-non-sensitive-metadata-for-nomad-paths/46167

EPSS

Процентиль: 47%

0.0024

Низкий

Связанные уязвимости

CVE-2022-3866

CVSS3: 5

ubuntu

около 3 лет назад

HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 workload identity token can list non-sensitive metadata for paths under nomad/ that belong to other jobs in the same namespace. Fixed in 1.4.2.

CVE-2022-3866

CVSS3: 5

nvd

около 3 лет назад

HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 workload identity token can list non-sensitive metadata for paths under nomad/ that belong to other jobs in the same namespace. Fixed in 1.4.2.

GHSA-7wg4-8m5p-hrfg

CVSS3: 5

github

около 3 лет назад

HashiCorp Nomad vulnerable to non-sensitive metadata exposure

EPSS

Процентиль: 47%

0.0024

Низкий