GHSA-cj2h-ww36-v932

Опубликовано: 18 мая 2021

Источник: github

Github: Прошло ревью

CVSS3: 9.8

Описание

Improper Certificate Validation in HashiCorp Nomad

HashiCorp Nomad and Nomad Enterprise up to 0.10.2 incorrectly validated role/region associated with TLS certificates used for mTLS RPC, and were susceptible to privilege escalation. Fixed in 0.10.3.

Ссылки

Пакеты

Наименование

github.com/hashicorp/nomad

Затронутые версииВерсия исправления

< 0.10.3

0.10.3

EPSS

Процентиль: 47%

0.00244

Низкий

9.8 Critical

CVSS3

CVE ID

CVE-2020-7956

Дефекты

CWE-295

Связанные уязвимости

CVE-2020-7956

CVSS3: 9.8

ubuntu

около 6 лет назад

HashiCorp Nomad and Nomad Enterprise up to 0.10.2 incorrectly validated role/region associated with TLS certificates used for mTLS RPC, and were susceptible to privilege escalation. Fixed in 0.10.3.

CVE-2020-7956

CVSS3: 9.8

nvd

около 6 лет назад

HashiCorp Nomad and Nomad Enterprise up to 0.10.2 incorrectly validated role/region associated with TLS certificates used for mTLS RPC, and were susceptible to privilege escalation. Fixed in 0.10.3.

CVE-2020-7956

CVSS3: 9.8

debian

около 6 лет назад

HashiCorp Nomad and Nomad Enterprise up to 0.10.2 incorrectly validate ...

EPSS

Процентиль: 47%

0.00244

Низкий

9.8 Critical

CVSS3

CVE ID

CVE-2020-7956

Дефекты

CWE-295