PT-2023-16869 · Hashicorp+1 · Nomad+2

Published: 2023-03-13 · Updated: 2025-05-26 · CVE-2023-1296

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

HashiCorp Nomad and Nomad Enterprise versions 1.4.0 through 1.5.0

Description

A vulnerability was identified in Nomad and Nomad Enterprise such that a deny ACL capability could not be applied to a workload's own variables. If a deny capability is included, the Nomad ACL system will silently fail to block access.

Recommendations

For versions 1.4.0 through 1.5.0, update to version 1.4.6 or 1.5.1 to resolve the issue. As a temporary workaround, consider restricting access to workload variables until a patch is available.

Fix

Weakness Enumeration

Missing Authorization

Related Identifiers

BDU:2025-06173
CVE-2023-1296
GHSA-HHVX-8755-4CVW
GO-2023-1899

Affected Products

Nomad
Nomad Enterprise
Red Os