How severe is CVE-2022-3866?

CVE-2022-3866 has a CVSS v3 score of 5 (MEDIUM).

CVE-2022-3866

Name: nomad
Author: hashicorp

5.0MEDIUM

HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 workload identity token can list non-sensitive metadata for paths under nomad/ that belong to other jobs in the same namespace. Fixed in 1.4.2.

Publicado: 11/10/2022Atualizado: 11/21/2024

Descrição

HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 workload identity token can list non-sensitive metadata for paths under nomad/ that belong to other jobs in the same namespace. Fixed in 1.4.2.

Análise IADesenvolvido por IA

Produtos Afetados

hashicorpnomad

1.4.0

hashicorpnomad

1.4.0

hashicorpnomad

1.4.1

hashicorpnomad

1.4.1

Referências

https://discuss.hashicorp.com/t/hcsec-2022-25-nomad-s-workload-identity-token-can-list-non-sensitive-metadata-for-nomad-paths/46167
Vendor Advisory
https://discuss.hashicorp.com/t/hcsec-2022-25-nomad-s-workload-identity-token-can-list-non-sensitive-metadata-for-nomad-paths/46167
Vendor Advisory