First published: Mon Feb 01 2021(Updated: )
HashiCorp Nomad and Nomad Enterprise up to 0.12.9 exec and java task drivers can access processes associated with other tasks on the same node. Fixed in 0.12.10, and 1.0.3.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
HashiCorp Nomad | <0.12.10 | |
HashiCorp Nomad | <0.12.10 | |
HashiCorp Nomad | >=1.0.0<1.0.3 | |
HashiCorp Nomad | >=1.0.0<1.0.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this HashiCorp Nomad issue is CVE-2021-3283.
The severity of CVE-2021-3283 is high with a severity value of 7.5.
HashiCorp Nomad and Nomad Enterprise versions up to 0.12.9 can be affected by this vulnerability if they are using the exec and java task drivers, as these drivers can access processes associated with other tasks on the same node.
This vulnerability is fixed in HashiCorp Nomad version 0.12.10 and Nomad Enterprise version 0.12.10, as well as Nomad version 1.0.3 and Nomad Enterprise version 1.0.3.
You can find more information about this vulnerability on the HashiCorp discussion forum at the following link: [https://discuss.hashicorp.com/t/hcsec-2021-01-nomad-s-exec-and-java-task-drivers-did-not-isolate-processes/20332](https://discuss.hashicorp.com/t/hcsec-2021-01-nomad-s-exec-and-java-task-drivers-did-not-isolate-processes/20332)