CVE-2021-43415

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
03/12/2021
Last modified:
08/08/2023

Description

HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0, with the QEMU task driver enabled, allowed authenticated users with job submission capabilities to bypass the configured allowed image paths. Fixed in 1.0.14, 1.1.8, and 1.2.1.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:hashicorp:nomad:*:*:*:*:-:*:*:* 1.0.0 (including) 1.0.14 (excluding)
cpe:2.3:a:hashicorp:nomad:*:*:*:*:enterprise:*:*:* 1.0.0 (including) 1.0.14 (excluding)
cpe:2.3:a:hashicorp:nomad:*:*:*:*:-:*:*:* 1.1.0 (including) 1.1.8 (excluding)
cpe:2.3:a:hashicorp:nomad:*:*:*:*:enterprise:*:*:* 1.1.0 (including) 1.1.8 (excluding)
cpe:2.3:a:hashicorp:nomad:1.2.0:-:*:*:-:*:*:*
cpe:2.3:a:hashicorp:nomad:1.2.0:-:*:*:enterprise:*:*:*