GHSA-rpvr-38xv-xvxq

Suggest an improvement
Source
https://github.com/advisories/GHSA-rpvr-38xv-xvxq
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/07/GHSA-rpvr-38xv-xvxq/GHSA-rpvr-38xv-xvxq.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-rpvr-38xv-xvxq
Aliases
Published
2023-07-20T00:30:24Z
Modified
2024-09-26T21:43:05Z
Severity
  • 4.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVSS Calculator
Summary
Nomad ACL Policies without Label are Applied to Unexpected Resources
Details

A vulnerability was identified in Nomad, an ACL policy using a block without label may be applied to unexpected resources. This vulnerability, CVE-2023-3072, affects Nomad from 0.7 up to 1.5.6 and 1.4.10 and was fixed in 1.6.0, 1.5.7, and 1.4.11.

Database specific
{
    "nvd_published_at": "2023-07-20T00:15:10Z",
    "cwe_ids": [
        "CWE-266",
        "CWE-862"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-04-01T18:33:25Z"
}
References

Affected packages

Go / github.com/hashicorp/nomad

Package

Name
github.com/hashicorp/nomad
View open source insights on deps.dev
Purl
pkg:golang/github.com/hashicorp/nomad

Affected ranges

Type
SEMVER
Events
Introduced
0.7.0
Fixed
1.4.11

Go / github.com/hashicorp/nomad

Package

Name
github.com/hashicorp/nomad
View open source insights on deps.dev
Purl
pkg:golang/github.com/hashicorp/nomad

Affected ranges

Type
SEMVER
Events
Introduced
1.5.0
Fixed
1.5.6