Description
HashiCorp Nomad Incorrect Authorization vulnerability
Nomad Community and Nomad Enterprise ("Nomad") volume specification is vulnerable to arbitrary cross-namespace volume creation through unauthorized Container Storage Interface (CSI) volume writes. This vulnerability, identified as CVE-2024-10975, is fixed in Nomad Community Edition 1.9.2 and Nomad Enterprise 1.9.2, 1.8.7, and 1.7.15.
References
- https://nvd.nist.gov/vuln/detail/CVE-2024-10975
- https://github.com/hashicorp/nomad/commit/30849c518e16647a4f698e5f5cc82bef2bf40e4d
- https://discuss.hashicorp.com/t/hcsec-2024-27-nomad-vulnerable-to-cross-namespace-volume-creation-abusing-csi-write-permission
- https://github.com/advisories/GHSA-2w5v-x29g-jw7j
Packages
github.com/hashicorp/nomad
<= 1.9.1
None
Related vulnerabilities
Nomad Community and Nomad Enterprise ("Nomad") volume specification is vulnerable to arbitrary cross-namespace volume creation through unauthorized Container Storage Interface (CSI) volume writes. This vulnerability, identified as CVE-2024-10975, is fixed in Nomad Community Edition 1.9.2 and Nomad Enterprise 1.9.2, 1.8.7, and 1.7.15.
Nomad Community and Nomad Enterprise ("Nomad") volume specification is ...
A vulnerability in the Container Storage Interface (CSI) component of the Nomad application orchestrator that allows an attacker to affect the integrity of protected information