CVE-2021-32575
First published: Thu Jun 17 2021(Updated: )
HashiCorp Nomad and Nomad Enterprise up to version 1.0.4 bridge networking mode allows ARP spoofing from other bridged tasks on the same node. Fixed in 0.12.12, 1.0.5, and 1.1.0 RC1.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| HashiCorp Nomad | <=1.0.4 | |
| HashiCorp Nomad | <=1.0.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-32575?
CVE-2021-32575 refers to a vulnerability found in HashiCorp Nomad and Nomad Enterprise up to version 1.0.4, where the bridge networking mode allows ARP spoofing from other bridged tasks on the same node.
How severe is CVE-2021-32575?
CVE-2021-32575 has a severity rating of 6.5, which is considered medium.
Which software versions are affected by CVE-2021-32575?
HashiCorp Nomad and Nomad Enterprise up to version 1.0.4 are affected by CVE-2021-32575.
How can I fix CVE-2021-32575?
To fix CVE-2021-32575, you should update HashiCorp Nomad to version 0.12.12, 1.0.5, or 1.1.0 RC1.
Where can I find more information about CVE-2021-32575?
You can find more information about CVE-2021-32575 in the following references: [HashiCorp Discussion](https://discuss.hashicorp.com/t/hcsec-2021-14-nomad-bridge-networking-mode-allows-arp-spoofing-from-other-bridged-tasks-on-same-node/24296) and [HashiCorp Blog](https://www.hashicorp.com/blog/category/nomad).
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/remedy
- agent/author
- agent/last-modified-date
- agent/description
- agent/tags
- agent/event
- agent/first-publish-date
- agent/source
- vendor/hashicorp
- canonical/hashicorp nomad
- version/hashicorp nomad/1.0.4