Publish Advisories
advisory-database[bot] committed Apr 6, 2023
1 parent 9bb6fb5 commit a4464a5
Showing 2 changed files with 64 additions and 35 deletions.
@@ -0,0 +1,64 @@
{
"schema_version": "1.4.0",
"id": "GHSA-f8r8-h93m-mj77",
"modified": "2023-04-06T16:59:26Z",
"published": "2023-04-05T21:30:24Z",
"aliases": [
"CVE-2023-1782"
],
"summary": "HashiCorp Nomad vulnerable to unauthenticated client agent HTTP request privilege escalation",
"details": "HashiCorp Nomad and Nomad Enterprise versions 1.5.0 up to 1.5.2 allow unauthenticated users to bypass intended ACL authorizations for clusters where mTLS is not enabled. This issue is fixed in version 1.5.3.",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/hashicorp/nomad"
},
"ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "1.5.0"
},
{
"fixed": "1.5.3"
}
]
}
],
"database_specific": {
"last_known_affected_version_range": "<= 1.5.2"
}
}
],
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1782"
},
{
"type": "WEB",
"url": "https://discuss.hashicorp.com/t/hcsec-2023-12-nomad-unauthenticated-client-agent-http-request-privilege-escalation/52375"
},
{
"type": "PACKAGE",
"url": "https://github.com/hashicorp/nomad"
}
],
"database_specific": {
"cwe_ids": [
"CWE-285"
],
"severity": "HIGH",
"github_reviewed": true,
"github_reviewed_at": "2023-04-06T16:59:26Z",
"nvd_published_at": "2023-04-05T20:15:00Z"
}
}
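Review bot: The CVSS vector on the `score` line carries `PR:L`, while both `summary` and `details` describe the flaw as reachable by unauthenticated users, so the vector and the prose disagree about the privilege an attacker needs. If no credentials are required, the vector would be `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H`, which scores 9.8 and would move `database_specific.severity` from `HIGH` to `CRITICAL`; if `PR:L` is intended, `details` should state what access is assumed. Consumers that triage on the severity field will rank this lower than the text suggests, so it is worth confirming against the linked HashiCorp bulletin. The precondition that mTLS is not enabled appears only in free text, so operators need to check their cluster's TLS configuration by hand rather than rely on the version range alone.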

This file was deleted.
