GMS-2022-818

Information Exposure Through Environmental Variables in go/github.com/hashicorp/nomad/client/allocrunner/taskrunner/template

Identifiers

GHSA-6hv3-7c34-4hx8, GMS-2022-818, CVE-2019-14802

Package Slug

go/github.com/hashicorp/nomad/client/allocrunner/taskrunner/template

Vulnerability

Information Exposure Through Environmental Variables

Description

In Nomad before version 0.9.5, when rendering a task template, all environment variables were available to the rendering task. As a fix, only task environment variables are used.

Affected Versions

All versions before 0.9.5

Solution

Upgrade to version 0.9.5 or above.

Last Modified

2022-04-13

source