CVE-2022-3867
2.7LOWHashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 event stream subscribers using a token with TTL receive updates until token garbage is collected. Fixed in 1.4.2.
Published: 11/10/2022Updated: 11/21/2024
Description
HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 event stream subscribers using a token with TTL receive updates until token garbage is collected. Fixed in 1.4.2.
AI AnalysisPowered by AI
Affected Products
hashicorpnomad
1.4.0
hashicorpnomad
1.4.0
hashicorpnomad
1.4.1
hashicorpnomad
1.4.1
References
- https://discuss.hashicorp.com/t/hcsec-2022-26-nomad-s-event-stream-subscriber-using-acl-token-with-ttl-receive-updates-until-garbage-collected/46168Vendor Advisory
- https://discuss.hashicorp.com/t/hcsec-2022-26-nomad-s-event-stream-subscriber-using-acl-token-with-ttl-receive-updates-until-garbage-collected/46168Vendor Advisory