Shodan
Vulnerabilities
Vulnerable Software
Hashicorp:  >> Nomad  >> 1.5.0  Security Vulnerabilities
CVE-2025-3744
Nomad Enterprise (“Nomad”) jobs using the policy override option are bypassing the mandatory sentinel policies. This vulnerability, identified as CVE-2025-3744, is fixed in Nomad Enterprise 1.10.1, 1.9.9, and 1.8.13.
CVSS Score
7.6
EPSS Score
0.001
Published
2025-05-13
CVE-2025-1296
Nomad Community and Nomad Enterprise (“Nomad”) are vulnerable to unintentional exposure of the workload identity token and client secret token in audit logs. This vulnerability, identified as CVE-2025-1296, is fixed in Nomad Community Edition 1.9.7 and Nomad Enterprise 1.9.7, 1.8.11, and 1.7.19.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-03-10
CVE-2025-0937
Nomad Community and Nomad Enterprise ("Nomad") event stream configured with a wildcard namespace can bypass the ACL Policy allowing reads on other namespaces.
CVSS Score
7.1
EPSS Score
0.0
Published
2025-02-12
CVE-2024-12678
Nomad Community and Nomad Enterprise ("Nomad") allocations are vulnerable to privilege escalation within a namespace through unredacted workload identity tokens. This vulnerability, identified as CVE-2024-12678, is fixed in Nomad Community Edition 1.9.4 and Nomad Enterprise 1.9.4, 1.8.8, and 1.7.16.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-12-20
CVE-2023-3072
HashiCorp Nomad and Nomad Enterprise 0.7.0 up to 1.5.6 and 1.4.10 ACL policies using a block without a label generates unexpected results. Fixed in 1.6.0, 1.5.7, and 1.4.11.
CVSS Score
4.1
EPSS Score
0.0
Published
2023-07-20
CVE-2023-3299
HashiCorp Nomad Enterprise 1.2.11 up to 1.5.6, and 1.4.10 ACL policies using a block without a label generates unexpected results. Fixed in 1.6.0, 1.5.7, and 1.4.11.
CVSS Score
3.4
EPSS Score
0.002
Published
2023-07-20
CVE-2023-3300
HashiCorp Nomad and Nomad Enterprise 0.11.0 up to 1.5.6 and 1.4.1 HTTP search API can reveal names of available CSI plugins to unauthenticated users or users without the plugin:read policy. Fixed in 1.6.0, 1.5.7, and 1.4.1.
CVSS Score
5.3
EPSS Score
0.005
Published
2023-07-20
CVE-2023-1782
HashiCorp Nomad and Nomad Enterprise versions 1.5.0 up to 1.5.2 allow unauthenticated users to bypass intended ACL authorizations for clusters where mTLS is not enabled. This issue is fixed in version 1.5.3.
CVSS Score
9.9
EPSS Score
0.003
Published
2023-04-05
CVE-2023-1296
HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.5.0 did not correctly enforce deny policies applied to a workload’s variables. Fixed in 1.4.6 and 1.5.1.
CVSS Score
2.7
EPSS Score
0.003
Published
2023-03-14
CVE-2023-1299
HashiCorp Nomad and Nomad Enterprise 1.5.0 allow a job submitter to escalate to management-level privileges using workload identity and task API. Fixed in 1.5.1.
CVSS Score
7.4
EPSS Score
0.002
Published
2023-03-14


Products
Pricing
Contact Us

Shodan ® - All rights reserved