Lucene search
HashiCorpCVE-2023-0821HistoryFeb 16, 2023 - 10:15 p.m.
CVE-2023-0821
2023-02-1622:15:11
CWE-409
HashiCorp
web.nvd.nist.gov
47
cve-2023-0821
hashicorp nomad
nomad enterprise
vulnerability
disk usage
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
AI Score
6.2
Confidence
High
EPSS
0.001
Percentile
35.6%
HashiCorp Nomad and Nomad Enterprise 1.2.15 up to 1.3.8, and 1.4.3 jobs using a maliciously compressed artifact stanza source can cause excessive disk usage. Fixed in 1.2.16, 1.3.9, and 1.4.4.
Affected configurations
Node
hashicorpnomadRange<1.2.15-
ORhashicorpnomadRange<1.2.15enterprise
ORhashicorpnomadRange1.3.0–1.3.9-
ORhashicorpnomadRange1.3.0–1.3.9enterprise
ORhashicorpnomadRange1.4.0–1.4.4-
ORhashicorpnomadRange1.4.0–1.4.4enterprise
CNA Affected
[
{
"vendor": "HashiCorp",
"product": "Nomad",
"platforms": [
"64 bit",
"32 bit",
"x86",
"ARM",
"MacOS",
"Windows",
"Linux"
],
"repo": "https://github.com/hashicorp/nomad",
"versions": [
{
"status": "affected",
"version": "0",
"lessThanOrEqual": "1.2.15",
"versionType": "semver"
},
{
"status": "affected",
"version": "0",
"lessThanOrEqual": "1.3.8",
"versionType": "semver"
},
{
"status": "affected",
"version": "0",
"lessThanOrEqual": "1.4.3",
"versionType": "semver"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "HashiCorp",
"product": "Nomad Enterprise",
"platforms": [
"64 bit",
"32 bit",
"x86",
"ARM",
"MacOS",
"Windows",
"Linux"
],
"versions": [
{
"status": "affected",
"version": "0",
"lessThanOrEqual": "1.2.15",
"versionType": "semver"
},
{
"status": "affected",
"version": "0",
"lessThanOrEqual": "1.3.8",
"versionType": "semver"
},
{
"status": "affected",
"version": "0",
"lessThanOrEqual": "1.4.3",
"versionType": "semver"
}
],
"defaultStatus": "unaffected"
}
]Related
osv
osv
CVE-2023-0821
2023-02-16 22:15:11
Uncontrolled Resource Consumption in Hashicorp Nomad
2023-02-17 00:30:28
cvelist
cvelist
ubuntucve
ubuntucve
CVE-2023-0821
2023-02-16 00:00:00
prion
prion
Denial of service
2023-02-16 22:15:00
github
github
Uncontrolled Resource Consumption in Hashicorp Nomad
2023-02-17 00:30:28
debiancve
debiancve
CVE-2023-0821
2023-02-16 22:15:00
redhatcve
redhatcve
CVE-2023-0821
2023-02-17 12:01:07
nvd
nvd
CVE-2023-0821
2023-02-16 22:15:11
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
AI Score
6.2
Confidence
High
EPSS
0.001
Percentile
35.6%
Related for CVE-2023-0821