Skip to content

x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-7wg4-8m5p-hrfg #1105

New issue
New issue
Closed
Closed
x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-7wg4-8m5p-hrfg#1105
Assignees
zpavlinovic
Labels
NeedsTriageexcluded: EFFECTIVELY_PRIVATEThis vulnerability exists in a package can be imported, but isn't meant to be outside that module.
@GoVulnBot

Description

@GoVulnBot
GoVulnBot
opened on Nov 11, 2022

In GitHub Security Advisory GHSA-7wg4-8m5p-hrfg, there is a vulnerability in the following Go packages or modules:

Unit Fixed Vulnerable Ranges
github.com/hashicorp/nomad 1.4.2 >= 1.4.0, < 1.4.2

See doc/triage.md for instructions on how to triage this report.

modules:
  - module: TODO
    versions:
      - introduced: 1.4.0
        fixed: 1.4.2
    packages:
      - package: github.com/hashicorp/nomad
description: HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 workload identity
    token can list non-sensitive metadata for paths under nomad/ that belong to other
    jobs in the same namespace. Fixed in 1.4.2.
cves:
  - CVE-2022-3866
ghsas:
  - GHSA-7wg4-8m5p-hrfg

Metadata

Metadata

Assignees

Labels

NeedsTriageexcluded: EFFECTIVELY_PRIVATEThis vulnerability exists in a package can be imported, but isn't meant to be outside that module.

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions