0.002 Low
EPSS
Percentile
55.1%
HashiCorp Nomad and Nomad Enterprise version 0.9.0 up to 0.12.5 client file sandbox feature can be subverted using either the template or artifact stanzas. Fixed in 0.12.6, 0.11.5, and 0.10.6
github.com/hashicorp/nomad/blob/master/CHANGELOG.md#0126-october-21-2020
github.com/hashicorp/nomad/issues/9129
github.com/hashicorp/nomad/pull/9139
nvd.nist.gov/vuln/detail/CVE-2020-27195
pkg.go.dev/github.com/hashicorp/nomad/client/allocrunner/taskrunner/template
www.nomadproject.io/downloads