CVE-2020-27195

Name of the Vulnerable Software and Affected Versions HashiCorp Nomad and Nomad Enterprise versions 0.9.0 through 0.12.5

Description The client file sandbox feature in HashiCorp Nomad and Nomad Enterprise can be subverted using either the template or artifact stanzas. This issue is related to a Use After Free condition. The estimated number of potentially affected devices worldwide is not specified. Details about real-world incidents where this issue was exploited are not provided.

Recommendations For versions 0.9.0 through 0.10.5, update to version 0.10.6. For versions 0.11.0 through 0.11.4, update to version 0.11.5. For versions 0.12.0 through 0.12.5, update to version 0.12.6. As a temporary workaround, consider restricting the use of the template and artifact stanzas in the client file sandbox feature until a patch is applied.