CVE-2021-37218

Published: 07/09/2021 Updated: 13/09/2021

CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 578

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

HashiCorp Nomad and Nomad Enterprise Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege escalation. Fixed in 1.0.10 and 1.1.4.

Vulnerable Product	Search on Vulmon	Subscribe to Product
hashicorp nomad

Debian Bug report logs - #1021273 nomad: CVE-2021-37218 CVE-2021-43415 CVE-2022-24683 CVE-2022-24684 CVE-2022-24685 CVE-2022-24686 Package: src:nomad; Maintainer for src:nomad is Dmitry Smirnov <onlyjob@debianorg>; Reported by: Moritz Mühlenhoff <jmm@inutilorg> Date: Tue, 4 Oct 2022 19:45:04 UTC Severity: grave T ...

In HashiCorp Nomad before version 114, the Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege escalation ...

CWE-295 https://discuss.hashicorp.com/t/hcsec-2021-21-nomad-raft-rpc-privilege-escalation/29023 https://www.hashicorp.com/blog/category/nomad https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021273 https://nvd.nist.gov https://security.archlinux.org/CVE-2021-37218

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2021-37218

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect