Description
HashiCorp Nomad and Nomad Enterprise version 0.9.0 up to 0.12.5 client file sandbox feature can be subverted using either the template or artifact stanzas. Fixed in 0.12.6, 0.11.5, and 0.10.6
References (2)
Core 2
Core References
Release Notes, Third Party Advisory x_refsource_confirm
https://github.com/hashicorp/nomad/blob/master/CHANGELOG.md#0126-october-21-2020
Product x_refsource_misc
https://www.nomadproject.io/downloads
Scores
CVSS v3
9.1
EPSS
0.0036
EPSS Percentile
58.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Details
Status
published
Products (2)
hashicorp/nomad
0.9.0 - 0.10.5 (2 CPE variants)
hashicorp/nomad
0.9.0 - 0.10.6Go
Published
Oct 22, 2020
Tracked Since
Feb 18, 2026