Описание
HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 event stream subscribers using a token with TTL receive updates until token garbage is collected. Fixed in 1.4.2.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| nomad | not-affected | package |
Примечания
https://discuss.hashicorp.com/t/hcsec-2022-26-nomad-s-event-stream-subscriber-using-acl-token-with-ttl-receive-updates-until-garbage-collected/46168
EPSS
Процентиль: 39%
0.00177
Низкий
Связанные уязвимости
CVSS3: 2.7
ubuntu
около 3 лет назад
HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 event stream subscribers using a token with TTL receive updates until token garbage is collected. Fixed in 1.4.2.
CVSS3: 2.7
nvd
около 3 лет назад
HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 event stream subscribers using a token with TTL receive updates until token garbage is collected. Fixed in 1.4.2.
CVSS3: 2.7
github
около 3 лет назад
HashiCorp Nomad vulnerable to Insufficient Session Expiration
EPSS
Процентиль: 39%
0.00177
Низкий