Ubuntu.comUB:CVE-2021-41865CVE-2021-41865
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
35.0%
HashiCorp Nomad and Nomad Enterprise 1.1.1 through 1.1.5 allowed
authenticated users with job submission capabilities to cause denial of
service by submitting incomplete job specifications with a Consul mesh
gateway and host networking mode. Fixed in 1.1.6.
References
discuss.hashicorp.com/t/hcsec-2021-26-nomad-denial-of-service-via-submission-of-incomplete-job-specification-using-consul-mesh-gateway-host-network/30311
github.com/hashicorp/nomad/issues/11243
github.com/hashicorp/nomad/pull/11257
launchpad.net/bugs/cve/CVE-2021-41865
nvd.nist.gov/vuln/detail/CVE-2021-41865
security-tracker.debian.org/tracker/CVE-2021-41865
www.cve.org/CVERecord?id=CVE-2021-41865
Related
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
35.0%