PT-2023-16871 · Hashicorp · Nomad Enterprise+1

Published

2023-03-14

Updated

2024-08-20

CVE-2023-1299

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions HashiCorp Nomad and Nomad Enterprise version 1.5.0

Description A job submitter can escalate to management-level privileges using workload identity and task API. This issue was introduced due to the exposure of the workload identity token to the workload, allowing access to Nomad HTTP API via a unix domain socket without configuring mTLS. The vulnerability can be exploited if the workload identity does not have any attached ACL policies.

Recommendations For HashiCorp Nomad and Nomad Enterprise version 1.5.0, consider upgrading to Nomad 1.5.1 or newer to resolve the issue. As a temporary workaround, evaluate the risk associated with this issue and consider restricting access to the workload identity and task API until the upgrade is applied.

Fix

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-862

Related Identifiers

CVE-2023-1299

GHSA-RQM8-Q8J9-662F

GO-2023-1633

Affected Products

Hashicorp Nomad

Nomad Enterprise

PT-2023-16871 · Hashicorp · Nomad Enterprise+1

CVE-2023-1299

Weakness Enumeration

Related Identifiers

Affected Products

References · 12