CVE-2021-43415
- Source
- https://cve.org/CVERecord?id=CVE-2021-43415
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-43415.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2021-43415
- Aliases
- Downstream
- Published
- 2021-12-03T22:15:07.757Z
- Modified
- 2026-03-10T23:39:55.736980Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0, with the QEMU task driver enabled, allowed authenticated users with job submission capabilities to bypass the configured allowed image paths. Fixed in 1.0.14, 1.1.8, and 1.2.1.
- References
Affected packages
Git / github.com/hashicorp/nomad
Affected ranges
- Type
- GIT
- Repo
- https://github.com/hashicorp/nomad
- Events
-
IntroducedFixedIntroducedFixedIntroducedFixedIntroducedFixedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "1.0.0" }, { "fixed": "1.0.14" }, { "introduced": "1.0.0" }, { "fixed": "1.0.14" }, { "introduced": "1.1.0" }, { "fixed": "1.1.8" }, { "introduced": "1.1.0" }, { "fixed": "1.1.8" }, { "introduced": "0" }, { "last_affected": "1.2.0-NA" }, { "introduced": "0" }, { "last_affected": "1.2.0-NA" } ] }