Fluid Attacks Database

Description

Nomad ACL Policies without Label are Applied to Unexpected Resources A vulnerability was identified in Nomad, an ACL policy using a block without label may be applied to unexpected resources. This vulnerability, CVE-2023-3072, affects Nomad from 0.7 up to 1.5.6 and 1.4.10 and was fixed in 1.6.0, 1.5.7, and 1.4.11.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
go	github.com/hashicorp/nomad	>=0.7.0 <1.4.11 \|\| >=1.5.0 <1.5.6	1.4.11, 1.5.6

Aliases

1. CVE-2023-30722. NVD-2023-30723. OSV-2023-30724. GCVE-2023-3072

References

1. https://discuss.hashicorp.com/t/hcsec-2023-20-nomad-acl-policies-without-label-are-applied-to-unexpected-resources/562702. https://pkg.go.dev/vuln/GO-2024-2670

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.