PT-2023-24131 · Hashicorp+1 · Nomad Enterprise+2
Published 2023-07-19 · Updated 2025-05-26
CVE-2023-3300
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
HashiCorp Nomad and Nomad Enterprise versions 0.11.0 through 1.5.6
HashiCorp Nomad and Nomad Enterprise version 1.4.1
Description
A vulnerability in the HTTP search API can reveal names of available CSI plugins to unauthenticated users or users without the plugin:read policy.
Recommendations
For versions 0.11.0 through 1.5.6, update to version 1.5.7 or later to resolve the issue.
For version 1.4.1, update to version 1.4.11 or later to resolve the issue.
Fix
Missing Authorization
Incorrect Privilege Assignment
Related Identifiers
Affected Products
HashiCorp Nomad
Nomad Enterprise
Red Os