CVE-2021-37218

HIGH8.8EPSS 0.19%

Privilege escalation in Hashicorp Nomad

發布日:2021/9/8修改日:2024/8/21

也稱為:GHSA-c8x3-rg72-fwwgGO-2022-0591

描述

HashiCorp Nomad and Nomad Enterprise Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege escalation. Fixed in 1.0.10 and 1.1.4.

受影響套件(2)

Go/github.com/hashicorp/nomadfrom 0, < 1.0.10
Go/github.com/hashicorp/nomadfrom 0, < 1.0.10, >= 1.1.0, < 1.1.4

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

參考連結(5)

ADVISORYhttps://github.com/advisories/GHSA-c8x3-rg72-fwwg
ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2021-37218
PATCHhttps://github.com/hashicorp/nomad
WEBhttps://discuss.hashicorp.com/t/hcsec-2021-21-nomad-raft-rpc-privilege-escalation/29023
WEBhttps://www.hashicorp.com/blog/category/nomad