CVE-2021-32575 – github.com/hashicorp/nomad
Package
Manager: go
Name: github.com/hashicorp/nomad
Vulnerable Version: >=1.0.0 <1.0.5 || >=0 <0.12.12
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00182 (pctl 0.4009)
Details
Improper network isolation in the bridge networking mode of HashiCorp Nomad and Nomad Enterprise up to version 1.0.4 allows ARP spoofing from other bridged tasks on the same node. Fixed in 0.12.12, 1.0.5, and 1.1.0 RC1.
Metadata
Created: 2021-06-24T20:28:21Z
Modified: 2021-06-23T18:01:24Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/06/GHSA-vf6q-9f2f-mwhv/GHSA-vf6q-9f2f-mwhv.json
CWE IDs: ["CWE-1100"]
Alternative ID: GHSA-vf6q-9f2f-mwhv
Finding: F014
Auto approve: 1