How severe is CVE-2022-3867?

CVE-2022-3867 has a CVSS v3 score of 2.7 (LOW).

CVE-2022-3867

Name: nomad
Author: hashicorp

2.7LOW

HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 event stream subscribers using a token with TTL receive updates until token garbage is collected. Fixed in 1.4.2.

发布于: 11/10/2022更新于: 11/21/2024

描述

HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 event stream subscribers using a token with TTL receive updates until token garbage is collected. Fixed in 1.4.2.

AI分析AI驱动

受影响产品

hashicorpnomad

1.4.0

hashicorpnomad

1.4.0

hashicorpnomad

1.4.1

hashicorpnomad

1.4.1

参考资料

https://discuss.hashicorp.com/t/hcsec-2022-26-nomad-s-event-stream-subscriber-using-acl-token-with-ttl-receive-updates-until-garbage-collected/46168
Vendor Advisory
https://discuss.hashicorp.com/t/hcsec-2022-26-nomad-s-event-stream-subscriber-using-acl-token-with-ttl-receive-updates-until-garbage-collected/46168
Vendor Advisory