Description
The bridge networking mode in HashiCorp Nomad and Nomad Enterprise up to version 1.0.4 allows ARP spoofing from other bridged tasks on the same node. Fixed in 0.12.12, 1.0.5, and 1.1.0 RC1.
References (2)
Core References
Product x_refsource_misc
https://www.hashicorp.com/blog/category/nomad
Patch, Vendor Advisory x_refsource_misc
https://discuss.hashicorp.com/t/hcsec-2021-14-nomad-bridge-networking-mode-allows-arp-spoofing-from-other-bridged-tasks-on-same-node/24296
Scores
CVSS v3
6.5
EPSS
0.0018
EPSS Percentile
39.5%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
Status
published
Products (2)
hashicorp/nomad
< 1.0.4 (2 CPE variants)
hashicorp/nomad
1.0.0 - 1.0.5 (Go)
Published
Jun 17, 2021
Tracked Since
Feb 18, 2026