CVE-2019-14802
First published: Mon Dec 26 2022(Updated: )
HashiCorp Nomad 0.5.0 through 0.9.4 (fixed in 0.9.5) reveals unintended environment variables to the rendering task during template rendering, aka GHSA-6hv3-7c34-4hx8. This applies to nomad/client/allocrunner/taskrunner/template.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| HashiCorp Nomad | >=0.5.0<0.9.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for HashiCorp Nomad?
The vulnerability ID for HashiCorp Nomad is CVE-2019-14802.
What is the severity of CVE-2019-14802?
The severity of CVE-2019-14802 is medium with a severity value of 5.3.
What does CVE-2019-14802 affect?
CVE-2019-14802 affects HashiCorp Nomad versions 0.5.0 through 0.9.4 (fixed in 0.9.5).
What is the fix for CVE-2019-14802?
The fix for CVE-2019-14802 is to upgrade to HashiCorp Nomad version 0.9.5 or later.
Where can I find more information about CVE-2019-14802?
You can find more information about CVE-2019-14802 in the following references: [Link 1](https://advisories.gitlab.com/advisory/advgo_github_com_hashicorp_nomad_client_allocrunner_taskrunner_template_GMS_2022_818.html), [Link 2](https://www.hashicorp.com/blog/category/nomad).
- collector/nvd-index
- agent/author
- agent/severity
- agent/references
- agent/tags
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/event
- agent/type
- agent/description
- collector/mitre-cve
- source/MITRE
- vendor/hashicorp
- canonical/hashicorp nomad
- version/hashicorp nomad/0.5.0