logo

Database

Sensitive information sent insecurely In github.com/hashicorp/nomad

Description

Nomad Caller ACL Token’s Secret ID is Exposed to Sentinel A vulnerability was identified in Nomad such that the API caller’s ACL token secret ID is exposed to Sentinel policies. This vulnerability, CVE-2023-3299, affects Nomad from 1.2.11 up to 1.5.6, and 1.4.10 and was fixed in 1.6.0, 1.5.7, and 1.4.11.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2023-32992. NVD-2023-32993. OSV-2023-32994. GCVE-2023-3299

References

1. https://github.com/hashicorp/nomad/issues/179072. https://discuss.hashicorp.com/t/hcsec-2023-21-nomad-caller-acl-tokens-secret-id-is-exposed-to-sentinel/562713. https://pkg.go.dev/vuln/GO-2024-2669

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.

FLAT-UBY17 – Vulnerability | Fluid Attacks Database