CVE-2019-14802

5.3MEDIUM

Key Information

Vendor: Hashicorp
Status: Nomad
Vendor: CVE Published:; 26 December 2022

Summary

HashiCorp Nomad 0.5.0 through 0.9.4 (fixed in 0.9.5) reveals unintended environment variables to the rendering task during template rendering, aka GHSA-6hv3-7c34-4hx8. This applies to nomad/client/allocrunner/taskrunner/template.

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Dec 26, 2022
Vulnerability Reserved.
Aug 9, 2019

Collectors

NVD DatabaseMitre Database