CVE-2023-3300

MEDIUM

HashiCorp Nomad <1.5.6-1.4.1 - Info Disclosure

Title source: llm

Description

HashiCorp Nomad and Nomad Enterprise 0.11.0 up to 1.5.6 and 1.4.1 HTTP search API can reveal names of available CSI plugins to unauthenticated users or users without the plugin:read policy. Fixed in 1.6.0, 1.5.7, and 1.4.1.

References (1)

Core 1

Core References

Vendor Advisory

https://discuss.hashicorp.com/t/hcsec-2023-22-nomad-search-api-leaks-information-about-csi-plugins/56272

Scores

CVSS v3 5.3

EPSS 0.0081

EPSS Percentile 74.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-266 CWE-862

Status published

Products (2)

hashicorp/nomad 0.11.0 - 1.4.1 (2 CPE variants)

hashicorp/nomad 0.11.0 - 1.4.11Go

Published Jul 20, 2023

Tracked Since Feb 18, 2026