hashicorp/nomad

GitHub

github.com

www.nomadproject.io

Releases401

Frequency1 week 3 days

Last Release 12 days ago

Stars16.5K

Nomad is an easy-to-use, flexible, and performant workload orchestrator that can deploy a mix of microservice, batch, containerized, and non-containerized applications. Nomad is easy to operate and scale and has native Consul and Vault integrations.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2020-28348 ↗	Nov 24, 2020Tuesday, 24 November 2020, 03:15	6.5 MEDIUM	6.3 MEDIUM
HashiCorp Nomad and Nomad Enterprise 0.9.0 up to 0.12.7 client Docker file sandbox feature may be subverted when not explicitly disabled or when using a volume mount type. Fixed in 0.12.8, 0.11.7, and 0.10.8.
CVE-2020-27195 ↗	Oct 22, 2020Thursday, 22 October 2020, 17:15	9.1 CRITICAL	6.4 MEDIUM
HashiCorp Nomad and Nomad Enterprise version 0.9.0 up to 0.12.5 client file sandbox feature can be subverted using either the template or artifact stanzas. Fixed in 0.12.6, 0.11.5, and 0.10.6
CVE-2020-10944 ↗	Apr 28, 2020Tuesday, 28 April 2020, 14:15	5.4 MEDIUM	3.5 LOW
HashiCorp Nomad and Nomad Enterprise up to 0.10.4 contained a cross-site scripting vulnerability such that files from a malicious workload could cause arbitrary JavaScript to execute in the web UI. Fixed in 0.10.5.
CVE-2020-7218 ↗	Jan 31, 2020Friday, 31 January 2020, 13:15	7.5 HIGH	5 MEDIUM
HashiCorp Nomad and Nonad Enterprise up to 0.10.2 HTTP/RPC services allowed unbounded resource usage, and were susceptible to unauthenticated denial of service. Fixed in 0.10.3.
CVE-2020-7956 ↗	Jan 31, 2020Friday, 31 January 2020, 13:15	9.8 CRITICAL	7.5 HIGH
HashiCorp Nomad and Nomad Enterprise up to 0.10.2 incorrectly validated role/region associated with TLS certificates used for mTLS RPC, and were susceptible to privilege escalation. Fixed in 0.10.3.
CVE-2019-12618 ↗	Aug 12, 2019Monday, 12 August 2019, 17:15	—	10 HIGH
HashiCorp Nomad 0.9.0 through 0.9.1 has Incorrect Access Control via the exec driver.