HashiCorp Nomad/Nomad Enterprise up to 1.0.9/1.1.3 Raft RPC Layer privilege escalation

Summaryinfo

A vulnerability classified as critical was found in HashiCorp Nomad and Nomad Enterprise up to 1.0.9/1.1.3. This issue affects some unknown processing of the component Raft RPC Layer. Executing a manipulation can lead to an unknown weakness. This vulnerability appears as CVE-2021-37218. There is no available exploit. Upgrading the affected component is advised.

Detailsinfo

A vulnerability classified as critical was found in HashiCorp Nomad and Nomad Enterprise up to 1.0.9/1.1.3. This vulnerability affects an unknown function of the component Raft RPC Layer. As an impact it is known to affect confidentiality, integrity, and availability.

The weakness was presented 09/07/2021. The advisory is available at discuss.hashicorp.com. This vulnerability was named CVE-2021-37218. The technical details are unknown and an exploit is not available.

The vulnerability scanner Nessus provides a plugin with the ID 261268 (Linux Distros Unpatched Vulnerability : CVE-2021-37218), which helps to determine the existence of the flaw in a target environment.

Upgrading to version 1.0.10 or 1.1.4 eliminates this vulnerability.

The vulnerability is also documented in the vulnerability database at Tenable (261268). If you want to get best quality of vulnerability data, you may have to visit VulDB.

Productinfo

Vendor

• HashiCorp

Name

• Nomad
• Nomad Enterprise

Version

• 1.0.0
• 1.0.1
• 1.0.2
• 1.0.3
• 1.0.4
• 1.0.5
• 1.0.6
• 1.0.7
• 1.0.8
• 1.0.9
• 1.1.0
• 1.1.1
• 1.1.2
• 1.1.3

License

• open-source

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Discussion