Lucene search

Ubuntu.comUB:CVE-2022-3867

HistoryNov 10, 2022 - 12:00 a.m.

CVE-2022-3867

2022-11-1000:00:00

ubuntu.com

hashicorp nomad

nomad enterprise

event stream

subscribers

token vulnerability

unix

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

0.001 Low

EPSS

Percentile

22.7%

JSON

HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 event stream
subscribers using a token with TTL receive updates until token garbage is
collected. Fixed in 1.4.2.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchnomad< anyUNKNOWN
ubuntu20.04noarchnomad< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	nomad	< any	UNKNOWN
ubuntu	20.04	noarch	nomad	< any	UNKNOWN

References

discuss.hashicorp.com/t/hcsec-2022-26-nomad-s-event-stream-subscriber-using-acl-token-with-ttl-receive-updates-until-garbage-collected/46168

launchpad.net/bugs/cve/CVE-2022-3867

nvd.nist.gov/vuln/detail/CVE-2022-3867

security-tracker.debian.org/tracker/CVE-2022-3867

www.cve.org/CVERecord?id=CVE-2022-3867

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

0.001 Low

EPSS

Percentile

22.7%

JSON

Related for UB:CVE-2022-3867