Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2019-14802

Опубликовано: 26 дек. 2022
Источник: redhat
CVSS3: 5.3

Описание

HashiCorp Nomad 0.5.0 through 0.9.4 (fixed in 0.9.5) reveals unintended environment variables to the rendering task during template rendering, aka GHSA-6hv3-7c34-4hx8. This applies to nomad/client/allocrunner/taskrunner/template.

A flaw was found in HashiCorp Nomad. In affected versions of Nomad, when rendering a task template, all environment variables were available to the rendering task. As a fix, only task environment variables are used.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat OpenShift Container Platform 4openshift4/ose-cluster-monitoring-operatorNot affected
Red Hat OpenShift Container Platform 4openshift4/ose-installerNot affected
Red Hat OpenShift Container Platform 4openshift4/ose-prometheusNot affected
Red Hat OpenShift Container Platform 4openshift4/ose-prometheus-rhel9-operatorNot affected
Red Hat OpenShift Container Platform 4openshift4/ose-thanos-rhel8Not affected
Red Hat OpenShift Container Platform 4openshift4/topology-aware-lifecycle-manager-rhel8-operatorAffected
Red Hat Openshift Container Storage 4ocs4/cephcsi-rhel8Out of support scope
Red Hat Openshift Container Storage 4ocs4/mcg-rhel8-operatorOut of support scope
Red Hat Openshift Container Storage 4ocs4/ocs-rhel8-operatorOut of support scope
Red Hat Openshift Container Storage 4ocs4/rook-ceph-rhel8-operatorOut of support scope

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-526
https://bugzilla.redhat.com/show_bug.cgi?id=2156437hashicorp/nomad: Information Exposure Through Environmental Variables

5.3 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2019-14802

CVSS3: 5.3
ubuntu
около 3 лет назад

HashiCorp Nomad 0.5.0 through 0.9.4 (fixed in 0.9.5) reveals unintended environment variables to the rendering task during template rendering, aka GHSA-6hv3-7c34-4hx8. This applies to nomad/client/allocrunner/taskrunner/template.

nvd логотип

CVE-2019-14802

CVSS3: 5.3
nvd
около 3 лет назад

HashiCorp Nomad 0.5.0 through 0.9.4 (fixed in 0.9.5) reveals unintended environment variables to the rendering task during template rendering, aka GHSA-6hv3-7c34-4hx8. This applies to nomad/client/allocrunner/taskrunner/template.

debian логотип

CVE-2019-14802

CVSS3: 5.3
debian
около 3 лет назад

HashiCorp Nomad 0.5.0 through 0.9.4 (fixed in 0.9.5) reveals unintende ...

github логотип

GHSA-6hv3-7c34-4hx8

CVSS3: 5.3
github
почти 4 года назад

Hashicorp Nomad Information Exposure Through Environmental Variables

5.3 Medium

CVSS3