CVE-2021-41865

MEDIUM

Nomad 1.1.1-1.1.5 - Authenticated Denial of Service via Incomplete Job Specification with Consul Mesh Gateway

Title source: llm

Description

HashiCorp Nomad and Nomad Enterprise 1.1.1 through 1.1.5 allowed authenticated users with job submission capabilities to cause denial of service by submitting incomplete job specifications with a Consul mesh gateway and host networking mode. Fixed in 1.1.6.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_misc

https://discuss.hashicorp.com/t/hcsec-2021-26-nomad-denial-of-service-via-submission-of-incomplete-job-specification-using-consul-mesh-gateway-host-network/30311

Scores

CVSS v3 6.5

EPSS 0.0046

EPSS Percentile 64.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

Status published

Products (1)

hashicorp/nomad 1.1.1 - 1.1.6 (2 CPE variants)

Published Oct 07, 2021

Tracked Since Feb 18, 2026