CVE-2023-1299

Nomad Job Submitter Privilege Escalation Using Workload Identity in go/github.com/hashicorp/nomad

Identifiers

GHSA-rqm8-q8j9-662f, CVE-2023-1299

Package Slug

go/github.com/hashicorp/nomad

Vulnerability

Nomad Job Submitter Privilege Escalation Using Workload Identity

Description

HashiCorp Nomad and Nomad Enterprise 1.5.0 allow a job submitter to escalate to management-level privileges using workload identity and task API. Fixed in 1.5.1.

Affected Versions

Version 1.5.0

Solution

Upgrade to version 1.5.1 or above.

Last Modified

2023-03-16

source