CVE-2021-43415: Improper Authentication

December 10, 2021

HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0, with the QEMU task driver enabled, allowed authenticated users with job submission capabilities to bypass the configured allowed image paths. Fixed in 1.0.14, 1.1.8, and 1.2.1.

References

github.com/advisories/GHSA-2jhh-5xm2-j4gf
nvd.nist.gov/vuln/detail/CVE-2021-43415

Detect and mitigate CVE-2021-43415 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →