exploitDog

CVE-2023-0821

Published: 17 Feb 2023
Source: redhat
CVSS3: 6.5
EPSS: Low

Description

HashiCorp Nomad and Nomad Enterprise 1.2.15 up to 1.3.8, and 1.4.3 jobs using a maliciously compressed artifact stanza source can cause excessive disk usage. Fixed in 1.2.16, 1.3.9, and 1.4.4.

A flaw was found in the HashiCorp Nomad package. A job submitted with a maliciously compressed source (for example, “Zip Bomb”) in an artifact stanza can cause excessive disk resource consumption, crashing a Nomad client agent.

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Logging Subsystem for Red Hat OpenShift | openshift-logging/logging-loki-rhel8 | Not affected | | |
| Logging Subsystem for Red Hat OpenShift | openshift-logging/lokistack-gateway-rhel9 | Not affected | | |
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/thanos-rhel7 | Not affected | | |
| Red Hat OpenShift Container Platform 4 | openshift4/ose-cluster-monitoring-operator | Not affected | | |
| Red Hat OpenShift Container Platform 4 | openshift4/ose-installer | Not affected | | |
| Red Hat OpenShift Container Platform 4 | openshift4/ose-prometheus | Not affected | | |
| Red Hat OpenShift Container Platform 4 | openshift4/ose-prometheus-rhel9-operator | Not affected | | |
| Red Hat OpenShift Container Platform 4 | openshift4/ose-prom-label-proxy | Not affected | | |
| Red Hat OpenShift Container Platform 4 | openshift4/ose-thanos-rhel8 | Not affected | | |
| Red Hat OpenShift Container Platform 4 | openshift4/topology-aware-lifecycle-manager-rhel8-operator | Not affected | | |


Additional information

Status: Moderate
Weakness: CWE-409
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2170843 (hashicorp/nomad: Nomad Client Vulnerable to Decompression Bombs in Artifact Block)

EPSS: 0.00237 (percentile: 47%, Low)

CVSS3: 6.5 Medium

Related vulnerabilities

CVSS3: 6.5
ubuntu
more than 2 years ago

HashiCorp Nomad and Nomad Enterprise 1.2.15 up to 1.3.8, and 1.4.3 jobs using a maliciously compressed artifact stanza source can cause excessive disk usage. Fixed in 1.2.16, 1.3.9, and 1.4.4.

CVSS3: 6.5
nvd
more than 2 years ago

HashiCorp Nomad and Nomad Enterprise 1.2.15 up to 1.3.8, and 1.4.3 jobs using a maliciously compressed artifact stanza source can cause excessive disk usage. Fixed in 1.2.16, 1.3.9, and 1.4.4.

CVSS3: 6.5
debian
more than 2 years ago

HashiCorp Nomad and Nomad Enterprise 1.2.15 up to 1.3.8, and 1.4.3 job ...

CVSS3: 6.5
github
more than 2 years ago

Uncontrolled Resource Consumption in Hashicorp Nomad

CVSS3: 6.5
fstec
more than 2 years ago

Vulnerability in the Nomad application orchestrator that allows an attacker to cause a denial of service
