HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.5.0 did not correctly enforce deny policies applied to a workload’s variables. Fixed in 1.4.6 and 1.5.1.
References
Link | Resource |
---|---|
https://discuss.hashicorp.com/t/hcsec-2023-09-nomad-acls-can-not-deny-access-to-workloads-own-variables/51390 | Issue Tracking Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: HashiCorp
Published: 2023-03-14T14:45:24.074Z
Updated: 2023-03-14T14:45:24.074Z
Reserved: 2023-03-09T18:50:52.818Z
Link: CVE-2023-1296
JSON object: View
NVD Information
Status : Modified
Published: 2023-03-14T15:15:11.503
Modified: 2023-11-07T04:03:04.360
Link: CVE-2023-1296
JSON object: View
Redhat Information
No data.