CVE-2021-3283 – github.com/hashicorp/nomad
Package
Manager: go
Name: github.com/hashicorp/nomad
Vulnerable Version: >=1.0.0 <1.0.3 || >=0 <0.12.10
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00394 pctl 0.59499
Details
Improper Privilege Management in HashiCorp Nomad. In HashiCorp Nomad and Nomad Enterprise up to 0.12.9, the exec and java task drivers can access processes associated with other tasks on the same node. Fixed in 0.12.10 and 1.0.3.
Metadata
Created: 2021-06-24T20:28:28Z
Modified: 2021-05-12T21:38:07Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/06/GHSA-35qp-xq9f-2rjx/GHSA-35qp-xq9f-2rjx.json
CWE IDs: ["CWE-269"]
Alternative ID: GHSA-35qp-xq9f-2rjx
Finding: F159
Auto approve: 1