CVE-2021-3283: Improper Privilege Management in HashiCorp Nomad

June 24, 2021

HashiCorp Nomad and Nomad Enterprise up to 0.12.9 exec and java task drivers can access processes associated with other tasks on the same node. Fixed in 0.12.10, and 1.0.3.

References

github.com/advisories/GHSA-35qp-xq9f-2rjx
nvd.nist.gov/vuln/detail/CVE-2021-3283

Detect and mitigate CVE-2021-3283 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →