← voltar
CVE-2021-43415

CVE-2021-43415

EPSS 1.2%
HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0, with the QEMU task driver enabled, allowed authenticated users with job submission capabilities to bypass the configured allowed image paths. Fixed in 1.0.14, 1.1.8, and 1.2.1.
Produtos afetados
n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://discuss.hashicorp.com/t/hcsec-2021-31-nomad-qemu-task-driver-allowed-paths-bypass-with-job-args/32288https://www.hashicorp.com/blog/category/nomad