Nomad — Vulnerabilities & Security Advisories 16

All 16 CVE vulnerabilities found in Nomad, with AI-generated Chinese analysis, references, and POCs.

Vendor: HashiCorp

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2025-4922 | Nomad Vulnerable To Incorrect ACL Policy Lookup Attached To A Job | CWE-266 | 8.1 | High | 2025-06-11 |
| CVE-2025-1296 | Nomad Exposes Sensitive Workload Identity and Client Secret Token in Audit Logs | CWE-532 | 6.5 | Medium | 2025-03-10 |
| CVE-2025-0937 | Nomad Vulnerable To Event Stream Namespace ACL Policy Bypass Through Wildcard Namespace | CWE-863 | 7.1 | High | 2025-02-12 |
| CVE-2024-12678 | Nomad Allocations Vulnerable To Privilege Escalation Within A Namespace Using Unredacted Workload Identity Tokens | CWE-266 | 6.5 | Medium | 2024-12-20 |
| CVE-2024-10975 | Nomad Vulnerable To Cross-Namespace Volume Creation Abusing CSI Write Permission | CWE-863 | 7.7 | High | 2024-11-07 |
| CVE-2024-7625 | Nomad Vulnerable to Allocation Directory Escape On Non-Existing File Paths Through Archive Unpacking | CWE-610 | 5.8 | Medium | 2024-08-14 |
| CVE-2024-6717 | Nomad Vulnerable to Allocation Directory Path Escape Through Archive Unpacking | CWE-610 | 7.7 | High | 2024-07-23 |
| CVE-2024-1329 | Nomad Vulnerable to Arbitrary Write Through Symlink Attack | CWE-59 | 7.7 | High | 2024-02-08 |
| CVE-2023-3300 | Nomad Search API Leaks Information About CSI Plugins | CWE-266 | 5.3 | Medium | 2023-07-19 |
| CVE-2023-3072 | Nomad ACL Policies without Label are Applied to Unexpected Resources | CWE-266 | 4.1 | Medium | 2023-07-19 |
| CVE-2023-1782 | Nomad Unauthenticated Client Agent HTTP Request Privilege Escalation | CWE-862 | 10.0 | Critical | 2023-04-05 |
| CVE-2023-1299 | Nomad Job Submitter Privilege Escalation Using Workload Identity | CWE-862 | 7.4 | High | 2023-03-14 |
| CVE-2023-1296 | Nomad ACLs Can Not Deny Access to Workload's Own Variables | CWE-682 | 2.7 | Low | 2023-03-14 |
| CVE-2023-0821 | Nomad Client Vulnerable to Decompression Bombs in Artifact Block | CWE-409 | 6.5 | Medium | 2023-02-16 |
| CVE-2022-3867 | Nomad Event Stream Subscriber Using a Token with TTL Receives Updates Until Garbage Collected | CWE-613 | 2.7 | Low | 2022-11-10 |
| CVE-2022-3866 | Nomad Workload Identity Token Can List Non-sensitive Metadata for Paths Under nomad/ | CWE-668 | 5.0 | Medium | 2022-11-10 |

All 16 known CVE vulnerabilities affecting Nomad with full Chinese analysis, references, and POCs where available.