CVE-2022-3867
2.7LOWHashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 event stream subscribers using a token with TTL receive updates until token garbage is collected. Fixed in 1.4.2.
Publicado: 11/10/2022Atualizado: 11/21/2024
Descrição
HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 event stream subscribers using a token with TTL receive updates until token garbage is collected. Fixed in 1.4.2.
Análise IADesenvolvido por IA
Produtos Afetados
hashicorpnomad
1.4.0
hashicorpnomad
1.4.0
hashicorpnomad
1.4.1
hashicorpnomad
1.4.1
Referências
- https://discuss.hashicorp.com/t/hcsec-2022-26-nomad-s-event-stream-subscriber-using-acl-token-with-ttl-receive-updates-until-garbage-collected/46168Vendor Advisory
- https://discuss.hashicorp.com/t/hcsec-2022-26-nomad-s-event-stream-subscriber-using-acl-token-with-ttl-receive-updates-until-garbage-collected/46168Vendor Advisory