Privilege Escalation Vulnerability in HashiCorp Nomad Allocations
CVE-2024-12678

6.5MEDIUM

Key Information:

Vendor: Hashicorp
Status: Nomad; Nomad Enterprise
Vendor: CVE Published:; 20 December 2024

Summary

The vulnerability identified as CVE-2024-12678 affects HashiCorp's Nomad Community and Enterprise editions, enabling privilege escalation within a namespace due to the exposure of unredacted workload identity tokens. This security flaw can potentially allow an attacker to gain elevated permissions, compromising the integrity and security of the affected system. The issue has been addressed in the latest versions released by HashiCorp, ensuring that users can secure their environments and maintain operational safety.

Affected Version(s)

Nomad 64 bit 1.4.0 < 1.9.4

Nomad Enterprise 64 bit 1.4.0 < 1.9.4

References

https://discuss.hashicorp.com/t/hcsec-2024-29-nomad-alloc...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 20, 2024
Vulnerability Reserved
Dec 16, 2024

Collectors

NVD DatabaseMitre Database