CVE-2020-28348
MEDIUMHashiCorp Nomad 0.9.0-0.12.7 - Path Traversal via Docker File Sandbox
Title source: llmDescription
HashiCorp Nomad and Nomad Enterprise 0.9.0 up to 0.12.7 client Docker file sandbox feature may be subverted when not explicitly disabled or when using a volume mount type. Fixed in 0.12.8, 0.11.7, and 0.10.8.
References (2)
Core 2
Core References
Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/hashicorp/nomad/issues/9303
Release Notes, Third Party Advisory x_refsource_misc
https://github.com/hashicorp/nomad/blob/master/CHANGELOG.md#0128-november-10-2020
Scores
CVSS v3
6.5
EPSS
0.0049
EPSS Percentile
65.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-22
Status
published
Products (2)
hashicorp/nomad
0.9.0 - 0.10.8 (2 CPE variants)
hashicorp/nomad
0.9.0 - 0.10.8Go
Published
Nov 24, 2020
Tracked Since
Feb 18, 2026