CVE-2021-37218

8.8HIGH

Key Information

Vendor: Hashicorp
Status: Nomad
Vendor: CVE Published:; 7 September 2021

Summary

HashiCorp Nomad and Nomad Enterprise Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege escalation. Fixed in 1.0.10 and 1.1.4.

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Sep 7, 2021
Vulnerability Reserved.
Jul 21, 2021

Collectors

NVD DatabaseMitre Database