CVE-2021-43415

Source
https://cve.org/CVERecord?id=CVE-2021-43415
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-43415.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-43415
Aliases
Downstream
Published
2021-12-03T22:15:07.757Z
Modified
2026-04-10T04:40:06.753176Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0, with the QEMU task driver enabled, allowed authenticated users with job submission capabilities to bypass the configured allowed image paths. Fixed in 1.0.14, 1.1.8, and 1.2.1.

References

Affected packages

Git / github.com/hashicorp/nomad

Affected ranges

Type
GIT
Repo
https://github.com/hashicorp/nomad
Events
Database specific
{
    "versions": [
        {
            "introduced": "1.0.0"
        },
        {
            "fixed": "1.0.14"
        },
        {
            "introduced": "1.0.0"
        },
        {
            "fixed": "1.0.14"
        },
        {
            "introduced": "1.1.0"
        },
        {
            "fixed": "1.1.8"
        },
        {
            "introduced": "1.1.0"
        },
        {
            "fixed": "1.1.8"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.2.0-NA"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.2.0-NA"
        }
    ]
}

Affected versions

Other
v0.*
v0.0.0
v0.1.0
v0.1.1
v0.1.2
v0.10.0-beta1
v0.2.0
v0.2.1
v0.2.2
v0.2.3
v0.2.3-rc1
v0.3.0-rc2
v0.3.1
v0.3.2
v0.3.2-rc1
v0.3.2-rc2
v0.3rc1
v0.4.0
v0.4.0-rc1
v0.4.0-rc2
v0.4.1
v0.4.1-rc1
v0.5.0
v0.5.0-rc1
v0.5.0-rc2
v0.5.1
v0.5.1-rc1
v0.5.1-rc2
v0.5.2
v0.5.2-rc1
v0.5.3
v0.5.5
v0.5.5-rc1
v0.5.5-rc2
v0.5.6
v0.5.6-rc1
v0.6.0
v0.6.0-rc1
v0.6.0-rc2
v0.6.1
v0.6.2
v0.6.3-rc1
v0.7.0
v0.7.0-rc1
v0.7.0-rc2
v0.7.0-rc3
v0.7.1
v0.7.1+pro
v0.7.1-rc1
v0.7.1-rc1+pro
v0.8.0
v0.8.0+pro
v0.8.0-rc1
v0.8.0-rc1+pro
v0.8.2
v0.8.3
v0.8.4
v0.8.4-rc1
v0.9.0
v0.9.0-beta1
v0.9.0-beta2
v0.9.0-beta3
v0.9.0-rc1
v0.9.0-rc2
v0.9.2
v0.9.2-rc1
v0.9.3
v0.9.4
v0.9.4-rc1
v1.*
v1.0.10
v1.0.11
v1.0.12
v1.0.13
v1.0.4
v1.0.5
v1.0.6
v1.0.7
v1.0.8
v1.0.9
v1.1.3
v1.1.4
v1.1.5
v1.1.6
v1.1.7
v1.2.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-43415.json"