Lucene search
HistoryJul 20, 2023 - 12:15 a.m.
CVE-2023-3300
cve-2023-3300
hashicorp nomad
http search api
csi plugins
unauthenticated users
plugin:read policy
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
AI Score
5.2
Confidence
High
EPSS
0.001
Percentile
25.3%
HashiCorp Nomad and Nomad Enterprise 0.11.0 up to 1.5.6 and 1.4.1 HTTP search API can reveal names of available CSI plugins to unauthenticated users or users without the plugin:read policy. Fixed in 1.6.0, 1.5.7, and 1.4.1.
Affected configurations
Node
hashicorpnomadRange0.11.0–1.4.1-
ORhashicorpnomadRange0.11.0–1.4.1enterprise
ORhashicorpnomadRange1.5.0–1.5.6-
ORhashicorpnomadRange1.5.0–1.5.6enterprise
Related
cve
cve
CVE-2023-3300
2023-07-20 00:15:10
cvelist
cvelist
CVE-2023-3300 Nomad Search API Leaks Information About CSI Plugins
2023-07-19 23:35:26
osv
osv
CSI plugin names disclosure in github.com/hashicorp/nomad
2024-04-04 18:42:42
CVE-2023-3300
2023-07-20 00:15:10
Nomad Search API Leaks Information About CSI Plugins
2023-07-20 00:30:25
debiancve
debiancve
CVE-2023-3300
2023-07-20 00:15:00
prion
prion
Denial of service
2023-07-20 00:15:00
ubuntucve
ubuntucve
CVE-2023-3300
2023-07-20 00:00:00
github
github
Nomad Search API Leaks Information About CSI Plugins
2023-07-20 00:30:25
veracode
veracode
Improper Authorization
2024-04-08 06:08:58
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
AI Score
5.2
Confidence
High
EPSS
0.001
Percentile
25.3%
Related for NVD:CVE-2023-3300