Home > Vulnerability Database > CVE-2023-1296

Mend.io Vulnerability Database

CVE-2023-1296

Good to know:

Date: March 14, 2023

HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.5.0 did not correctly enforce deny policies applied to a workload’s variables. Fixed in 1.4.6 and 1.5.1.

Language: Go

Severity Score

2.7

Related Resources (5)

Url: https://github.com/advisories/GHSA-hhvx-8755-4cvw

Url: https://github.com/hashicorp/nomad

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-1296

Url: https://discuss.hashicorp.com/t/hcsec-2023-09-nomad-acls-can-not-deny-access-to-workloads-own-variables/51390

Url: https://www.mend.io/vulnerability-database/CVE-2023-1296

Severity Score

2.7

Weakness Type (CWE)

Incorrect Calculation

CWE-682

Missing Authorization

CWE-862

Top Fix

Upgrade Version

Upgrade to version github.com/hashicorp/nomad - v1.4.6;github.com/hashicorp/nomad - v1.5.1

Learn More

CVSS v3.1

Base Score:	2.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-1296

Good to know:

Date: March 14, 2023

Language: Go

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?