Topics tagged security-nomad

Topic	Replies	Views	Activity
HCSEC-2025-02 - Nomad Vulnerable To Event Stream Namespace ACL Policy Bypass Through Wildcard Namespace Security security-nomad	0	95	February 12, 2025
HCSEC-2024-29 - Nomad Allocations Vulnerable To Privilege Escalation Within A Namespace Using Unredacted Workload Identity Token Security security-nomad	0	238	December 20, 2024
HCSEC-2024-27 - Nomad Vulnerable To Cross-Namespace Volume Creation Abusing CSI Write Permission Security security-nomad	0	463	November 7, 2024
HCSEC-2023-21 - Nomad Caller ACL Token's Secret ID is Exposed to Sentinel Security security-nomad	0	5590	July 19, 2023
HCSEC-2024-17 - Nomad Vulnerable to Allocation Directory Escape On Non-Existing File Paths Through Archive Unpacking Security security-nomad	0	1102	August 14, 2024
HCSEC-2024-15 - Nomad Vulnerable to Allocation Directory Path Escape Through Archive Unpacking Security security-nomad	0	1065	July 22, 2024
HCSEC-2024-03 - Nomad Vulnerable to Arbitrary Write Through Symlink Attack Security security-nomad	0	6372	February 8, 2024
HCSEC-2023-22 - Nomad Search API Leaks Information About CSI Plugins Security security-nomad	0	5702	July 19, 2023
HCSEC-2023-20 - Nomad ACL Policies without Label are Applied to Unexpected Resources Security security-nomad	0	5794	July 19, 2023
HCSEC-2021-01 - Nomad’s Exec and Java Task Drivers Did Not Isolate Processes Security security-nomad	0	7302	January 29, 2021
HCSEC-2023-09 - Nomad ACLs Can Not Deny Access to Workload's Own Variables Security security-nomad	0	5256	March 13, 2023
HCSEC-2023-08 - Nomad Job Submitter Privilege Escalation Using Workload Identity Security security-nomad	0	5261	March 13, 2023
HCSEC-2022-25 - Nomad’s Workload Identity Token Can List Non-sensitive Metadata For nomad/ Paths Security security-nomad	0	5919	October 28, 2022
HCSEC-2022-26 - Nomad’s Event Stream Subscriber Using ACL Token with TTL Receive Updates Until Garbage Collected Security security-nomad	0	5881	October 28, 2022
HCSEC-2022-22 - Nomad Panics On Job Submission With Bad Artifact Stanza Source URL Security security-nomad	0	5736	October 10, 2022
HCSEC-2022-14 - Nomad Impacted by go-getter Vulnerabilities Security security-nomad	0	6842	May 24, 2022
HCSEC-2022-04 - Nomad Spread Job Stanza May Trigger Panic in Servers Security security-nomad	0	7511	February 11, 2022
HCSEC-2022-03 - Nomad Malformed Job Parsing Results in Excessive CPU Usage Security security-nomad	0	7154	February 11, 2022
HCSEC-2022-02 - Nomad alloc Filesystem and Container Escape Security security-nomad	0	7192	February 11, 2022
HCSEC-2022-01 - Nomad Artifact Download Race Condition Security security-nomad	0	7464	February 11, 2022
HCSEC-2021-31 - Nomad QEMU Task Driver Allowed Paths Bypass with Job Args Security security-nomad	0	7092	November 23, 2021
HCSEC-2021-26 - Nomad Denial Of Service Via Submission Of Incomplete Job Specification Using Consul Mesh Gateway & Host Network Security security-nomad	0	6570	October 5, 2021
HCSEC-2021-21 - Nomad Raft RPC Privilege Escalation Security security-nomad	0	6795	September 1, 2021
HCSEC-2021-14 - Nomad Bridge Networking Mode Allows ARP Spoofing From Other Bridged Tasks On Same Node Security security-nomad	0	8337	May 12, 2021
HCSEC-2021-12 - Codecov Security Event and HashiCorp GPG Key Exposure Security security-nomad , security-consul , security-vault , security-terraform	2	66539	May 4, 2021
HCSEC-2020-23 - Nomad File Sandbox Escape via Container Volume Mount Security security-nomad	0	4337	November 25, 2020
HCSEC-2020-21 - Nomad File Sandbox Escape via Template and Artifact Stanzas Security security-nomad	0	4245	November 25, 2020
HCSEC-2020-08 - Nomad's Raw File View Vulnerable to Cross-Site Scripting Security security-nomad	0	4097	November 25, 2020
HCSEC-2020-05 - Nomad's mTLS Authorization Mechanism Susceptible to Privilege Escalation Security security-nomad	0	4107	November 25, 2020
HCSEC-2020-01 - Nomad’s HTTP/RPC Services Allow Unbounded Resource Usage, Susceptible to Unauthenticated Denial of Service Security security-nomad	0	4091	November 25, 2020