CVE-2021-43415

HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0, with the QEMU task driver enabled, allowed authenticated users with job submission capabilities to bypass the configured allowed image paths. Fixed in 1.0.14, 1.1.8, and 1.2.1.
Configurations

Configuration 1

cpe:2.3:a:hashicorp:nomad:*:*:*:*:-:*:*:*
cpe:2.3:a:hashicorp:nomad:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:hashicorp:nomad:*:*:*:*:-:*:*:*
cpe:2.3:a:hashicorp:nomad:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:hashicorp:nomad:1.2.0:-:*:*:-:*:*:*
cpe:2.3:a:hashicorp:nomad:1.2.0:-:*:*:enterprise:*:*:*

Information

Published : 2021-12-03 10:15

Updated : 2021-12-06 07:18


NVD link : CVE-2021-43415

Mitre link : CVE-2021-43415

Products Affected
CWE