GHSA-rqm8-q8j9-662f, CVE-2023-1299
go/github.com/hashicorp/nomad
Nomad Job Submitter Privilege Escalation Using Workload Identity
HashiCorp Nomad and Nomad Enterprise 1.5.0 allow a job submitter to escalate to management-level privileges using workload identity and task API. Fixed in 1.5.1.
Version 1.5.0
Upgrade to version 1.5.1 or above.
2023-03-16
source |