Nomad ACL Policy Block Label Vulnerability 0.7.0 to 1.5.6, 1.4.10 (fixed 1.6.0)
CVE-2023-3072 Published on July 20, 2023
Nomad ACL Policies without Label are Applied to Unexpected Resources
In HashiCorp Nomad and Nomad Enterprise 0.7.0 up to 1.5.6 and 1.4.10, ACL policies using a block without a label generate unexpected results. Fixed in 1.6.0, 1.5.7, and 1.4.11.
Weakness Type
Incorrect Privilege Assignment
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
Products Associated with CVE-2023-3072
Affected Versions
HashiCorp Nomad:
- Version 0.7.0, <= 1.4.10 is affected.
- Version 0.7.0, <= 1.5.6 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.