PT-2024-17712 · Hashicorp+2 · Hashicorp Nomad+2
Published: 2024-12-19 · Updated: 2025-12-12 · CVE-2024-12678
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Hashicorp Nomad versions prior to 1.9.4
Hashicorp Nomad versions prior to 1.8.8
Hashicorp Nomad versions prior to 1.7.16
Description
The issue is a privilege escalation within a namespace through unredacted workload identity tokens. This allows for potential exploitation; no specific details about the number of affected devices or real-world incidents are provided.
Recommendations
For versions prior to 1.9.4, update to Nomad Community Edition 1.9.4.
For versions prior to 1.8.8, update to Nomad Enterprise 1.8.8.
For versions prior to 1.7.16, update to Nomad Enterprise 1.7.16.
Fix
LPE
Incorrect Privilege Assignment
Affected Products
Hashicorp Nomad
RED OS
SUSE