Описание
Nomad Community and Nomad Enterprise ("Nomad") allocations are vulnerable to privilege escalation within a namespace through unredacted workload identity tokens. This vulnerability, identified as CVE-2024-12678, is fixed in Nomad Community Edition 1.9.4 and Nomad Enterprise 1.9.4, 1.8.8, and 1.7.16.
A flaw was found in hashicorp/nomad. Affected versions of this package are vulnerable to privilege escalation within a namespace through unredacted workload identity tokens.
Отчет
HashiCorp/Nomad is a third party dependency in Red Hat Distributed Tracing. The affected codebase of HashiCorp/Nomad is not shipped in Red Hat Distributed Tracing.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat OpenShift distributed tracing 3 | rhosdt/opentelemetry-collector-rhel8 | Not affected | ||
| Red Hat OpenShift distributed tracing 3 | rhosdt/opentelemetry-operator-bundle | Not affected | ||
| Red Hat OpenShift distributed tracing 3 | rhosdt/opentelemetry-rhel8-operator | Not affected | ||
| Red Hat OpenShift distributed tracing 3 | rhosdt/opentelemetry-target-allocator-rhel8 | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
6.5 Medium
CVSS3
Связанные уязвимости
Nomad Community and Nomad Enterprise ("Nomad") allocations are vulnerable to privilege escalation within a namespace through unredacted workload identity tokens. This vulnerability, identified as CVE-2024-12678, is fixed in Nomad Community Edition 1.9.4 and Nomad Enterprise 1.9.4, 1.8.8, and 1.7.16.
Nomad Community and Nomad Enterprise ("Nomad") allocations are vulnerable to privilege escalation within a namespace through unredacted workload identity tokens. This vulnerability, identified as CVE-2024-12678, is fixed in Nomad Community Edition 1.9.4 and Nomad Enterprise 1.9.4, 1.8.8, and 1.7.16.
Nomad Community and Nomad Enterprise ("Nomad") allocations are vulnera ...
Hashicorp Nomad Incorrect Privilege Assignment vulnerability
EPSS
6.5 Medium
CVSS3