CVE-2019-14802
MEDIUMHashiCorp Nomad 0.5.0-0.9.4 - Exposure of Sensitive Information via Template Rendering
Title source: llmDescription
HashiCorp Nomad 0.5.0 through 0.9.4 (fixed in 0.9.5) reveals unintended environment variables to the rendering task during template rendering, aka GHSA-6hv3-7c34-4hx8. This applies to nomad/client/allocrunner/taskrunner/template.
References (2)
Core 2
Core References
Third Party Advisory
https://advisories.gitlab.com/advisory/advgo_github_com_hashicorp_nomad_client_allocrunner_taskrunner_template_GMS_2022_818.html
Product, Vendor Advisory
https://www.hashicorp.com/blog/category/nomad
Scores
CVSS v3
5.3
EPSS
0.0036
EPSS Percentile
58.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-200
Status
published
Products (2)
hashicorp/nomad
0 - 0.9.5Go
hashicorp/nomad
0.5.0 - 0.9.5
Published
Dec 26, 2022
Tracked Since
Feb 18, 2026