nomad

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description A simple and flexible workload orchestrator
Version 1.9.3-1 [extra]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-2580 1.2.0-1 1.2.1-1 Medium Fixed FS#72813
AVG-2451 1.1.5-1 1.1.6-1 Low Fixed
AVG-2359 1.1.3-1 1.1.4-1 High Fixed
Issue Group Severity Remote Type Description
CVE-2021-43415 AVG-2580 Medium Yes Access restriction bypass
Nomad before version 1.2.1 with the QEMU task driver enabled allowed authenticated users with job submission capabilities to bypass the configured allowed...
CVE-2021-41865 AVG-2451 Low Yes Denial of service
HashiCorp Nomad 1.1.1 through 1.1.5 allowed authenticated users with job submission capabilities to cause denial of service by submitting incomplete job...
CVE-2021-37218 AVG-2359 High Yes Privilege escalation
In HashiCorp Nomad before version 1.1.4, the Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only...