CVE-2023-1782

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-1782

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-1782.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-1782

Aliases

Related

UBUNTU-CVE-2023-1782

Published

2023-04-05T20:15:07Z

Modified

2025-01-14T11:23:05.971917Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

HashiCorp Nomad and Nomad Enterprise versions 1.5.0 up to 1.5.2 allow unauthenticated users to bypass intended ACL authorizations for clusters where mTLS is not enabled. This issue is fixed in version 1.5.3.

References

https://discuss.hashicorp.com/t/hcsec-2023-12-nomad-unauthenticated-client-agent-http-request-privilege-escalation/52375

Affected packages

Git / github.com/hashicorp/nomad

Affected ranges

Type: GIT
Repo: https://github.com/hashicorp/nomad
Events: Introduced

fc40c491cacec3d8ec3f2f98cd82b9068a50797c

Last affected

9a2fdb5f53dce81edf2802f0b64962e07596fd03

Affected versions

v1.*

v1.5.0

v1.5.1

v1.5.2