Related Vulnerabilities: CVE-2021-43415  

Severity Medium

Remote Yes

Type Access restriction bypass

Description

Nomad before version 1.2.1 with the QEMU task driver enabled allowed authenticated users with job submission capabilities to bypass the configured allowed paths for images.

Group AVG-2580

Package nomad

Affected 1.2.0-1

Fixed 1.2.1-1

Severity Medium

Status Fixed

Ticket FS#72813

https://github.com/hashicorp/nomad/issues/11542
https://github.com/hashicorp/nomad/commit/40de248b940eb7babbd4a08ebe9d6874758f5285

Workaround
==========

The issue can be mitigated by disabling the QEMU task driver with the following client agent configuration snippet:

plugin "qemu" {
    enabled = false
}