CVE-2022-3867

HashiCorp Nomad vulnerable to Insufficient Session Expiration in go/github.com/hashicorp/nomad

Identifiers

GHSA-9fmc-5fq4-5jwh, CVE-2022-3867

Package Slug

go/github.com/hashicorp/nomad

Vulnerability

HashiCorp Nomad vulnerable to Insufficient Session Expiration

Description

HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 event stream subscribers using a token with TTL receive updates until token garbage is collected. Fixed in 1.4.2.

Affected Versions

All versions starting from 1.4.0 before 1.4.2

Solution

Upgrade to version 1.4.2 or above.

Last Modified

2022-11-13

source