CVE-2021-43415 - log

CVE-2021-43415 edited at 22 Nov 2021 21:45:56
Remote
- Unknown
+ Remote
CVE-2021-43415 edited at 22 Nov 2021 21:45:17
Severity
- Unknown
+ Medium
Type
- Unknown
+ Access restriction bypass
Description
+ Nomad before version 1.2.1 with the QEMU task driver enabled allowed authenticated users with job submission capabilities to bypass the configured allowed paths for images.
References
+ https://github.com/hashicorp/nomad/issues/11542
+ https://github.com/hashicorp/nomad/commit/40de248b940eb7babbd4a08ebe9d6874758f5285
Notes
+ Workaround
+ ==========
+
+ The issue can be mitigated by disabling the QEMU task driver using the following client agent configuration snippet:
+
+ plugin "qemu" {
+   enabled = false
+ }
CVE-2021-43415 created at 22 Nov 2021 21:42:03