Nomad Unauthenticated Client Agent HTTP Request Privilege Escalation
CVE-2023-1782
CVSS score: 10 (CRITICAL)
What is CVE-2023-1782?
HashiCorp Nomad and Nomad Enterprise versions 1.5.0 to 1.5.2 are susceptible to a vulnerability that allows unauthenticated users to circumvent Access Control List (ACL) authorizations through HTTP requests to a client agent. This flaw arises in configurations where mutual Transport Layer Security (mTLS) is not enabled, potentially granting unauthorized access to cluster resources. The issue has been addressed in version 1.5.3, and users are advised to upgrade to ensure the security of their deployments.
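The exposure conditions stated above (an agent in the affected version range that is not fronted by mTLS) can be turned into a small triage check. The following is an added example, not code from HashiCorp or from this advisory. It assumes two inputs the operator already has: the agent's version string, and a dictionary of the agent's TLS settings using the key names `EnableHTTP` and `VerifyHTTPSClient` (these names are an assumption about the shape of Nomad's agent configuration output; adapt them to whatever your inventory tooling reports). The version bounds are the ones given in the advisory.

```python
"""Added example: triage a Nomad agent against the CVE-2023-1782 exposure conditions.

Assumptions (not from the advisory): the TLS settings dictionary uses the keys
"EnableHTTP" (HTTP API served over TLS) and "VerifyHTTPSClient" (client
certificates required, i.e. mTLS). Sample values below are constructed.
"""
import re

# Version bounds from the advisory: 1.5.0 <= affected < 1.5.3
AFFECTED_MIN = (1, 5, 0)
FIXED_VERSION = (1, 5, 3)


def parse_version(ver: str) -> tuple:
    """Reduce '1.5.2', 'v1.5.2', '1.5.2+ent' or '1.5.2-dev' to (major, minor, patch)."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", ver.strip())
    if not m:
        raise ValueError(f"unrecognised Nomad version string: {ver!r}")
    return tuple(int(x) for x in m.groups())


def is_affected_version(ver: str) -> bool:
    """True when the version falls in the advisory's affected range."""
    return AFFECTED_MIN <= parse_version(ver) < FIXED_VERSION


def mtls_enabled(tls_settings: dict) -> bool:
    """mTLS for the HTTP API requires TLS on HTTP *and* client cert verification.
    Key names are an assumption about the agent's config output (see module docstring)."""
    return bool(tls_settings.get("EnableHTTP")) and bool(tls_settings.get("VerifyHTTPSClient"))


def assess_agent(ver: str, tls_settings: dict) -> str:
    """Return one of three verdicts for an agent:
    - 'not affected'            : version outside 1.5.0 <= v < 1.5.3
    - 'affected, mTLS enforced' : affected version but mTLS blocks unauthenticated
                                  HTTP requests; upgrade to 1.5.3 is still advised
    - 'exposed'                 : affected version and no mTLS on the HTTP API
    """
    if not is_affected_version(ver):
        return "not affected"
    if mtls_enabled(tls_settings):
        return "affected, mTLS enforced"
    return "exposed"


if __name__ == "__main__":
    # Constructed inventory entries, not captured from a real cluster.
    inventory = [
        ("client-a", "1.5.2", {"EnableHTTP": False, "VerifyHTTPSClient": False}),
        ("client-b", "1.5.1+ent", {"EnableHTTP": True, "VerifyHTTPSClient": True}),
        ("client-c", "1.5.3", {"EnableHTTP": False, "VerifyHTTPSClient": False}),
        ("client-d", "1.4.8", {"EnableHTTP": False, "VerifyHTTPSClient": False}),
    ]
    for name, ver, tls in inventory:
        print(f"{name:10s} {ver:10s} {assess_agent(ver, tls)}")
```

Agents reported as `exposed` should be prioritised for the 1.5.3 upgrade; those marked `affected, mTLS enforced` still run vulnerable code and belong in the same upgrade window, since the advisory's fix is the version bump, not the TLS setting.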
Affected Version(s)
Nomad (64-bit): >= 1.5.0, < 1.5.3
Nomad Enterprise (64-bit): >= 1.5.0, < 1.5.3