CVE-2021-43415

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-43415

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-43415.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-43415

Aliases

Related

UBUNTU-CVE-2021-43415

Published

2021-12-03T22:15:07Z

Modified

2025-01-14T10:01:03.017669Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0, with the QEMU task driver enabled, allowed authenticated users with job submission capabilities to bypass the configured allowed image paths. Fixed in 1.0.14, 1.1.8, and 1.2.1.

References

Affected packages

Git / github.com/hashicorp/nomad

Affected ranges

Type: GIT
Repo: https://github.com/hashicorp/nomad
Events: Introduced

f99f1e27bb66bee36a1f3cdf00335e81e93ffff2

Fixed

189d3f1b8dbd2c6971752382e0800927d80edda7

Affected versions

v1.*

v1.1.0

v1.1.2

v1.1.3

v1.1.4

v1.1.5

v1.1.6

v1.1.7