CVE-2020-7956

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions HashiCorp Nomad and Nomad Enterprise versions up to 0.10.2

Description The issue concerns improper validation of role/region associated with TLS certificates used for mTLS RPC, making the system susceptible to privilege escalation.

Recommendations For HashiCorp Nomad and Nomad Enterprise versions up to 0.10.2, update to version 0.10.3 to resolve the issue.

Fix

Improper Certificate Validation

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-295

Related Identifiers

CVE-2020-7956

GHSA-CJ2H-WW36-V932

GO-2022-0821

Affected Products

Nomad

Nomad Enterprise

CVE-2020-7956

Weakness Enumeration

Related Identifiers

Affected Products

References · 12