CVE-2023-0821

MEDIUM

HashiCorp Nomad <1.3.8-1.4.3 - Info Disclosure

Title source: llm

Description

HashiCorp Nomad and Nomad Enterprise 1.2.15 up to 1.3.8, and 1.4.3 jobs using a maliciously compressed artifact stanza source can cause excessive disk usage. Fixed in 1.2.16, 1.3.9, and 1.4.4.

References (1)

Core 1

Core References

Vendor Advisory

https://discuss.hashicorp.com/t/hcsec-2023-05-nomad-client-vulnerable-to-decompression-bombs-in-artifact-block/50292

Scores

CVSS v3 6.5

EPSS 0.0045

EPSS Percentile 63.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-409

Status published

Products (2)

hashicorp/nomad < 1.2.15 (2 CPE variants)

hashicorp/nomad 1.2.15 - 1.2.16Go

Published Feb 16, 2023

Tracked Since Feb 18, 2026