CVE-2019-14802
MEDIUM
5,3
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: low
Integrity: none
Availability: none
Description
AI Translation Available
HashiCorp Nomad 0.5.0 through 0.9.4 (fixed in 0.9.5) reveals unintended environment variables to the rendering task during template rendering, aka GHSA-6hv3-7c34-4hx8. This applies to nomad/client/allocrunner/taskrunner/template.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0036
Percentile
0,6th
Updated
EPSS Score Trend (Last 91 Days)
200
Exposure of Sensitive Information to an Unauthorized Actor
DraftCommon Consequences
Security Scopes Affected:
Confidentiality
Potential Impacts:
Read Application Data
Applicable Platforms
Technologies:
Mobile, Not Technology-Specific, Web Based
Application
Nomad by Hashicorp
Version Range Affected
From
0.5.0
(inclusive)
To
0.9.5
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:a:hashicorp:nomad:*:*:*:*:-:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://advisories.gitlab.com/advisory/advgo_github_com_hashicorp_nomad_client_…
https://www.hashicorp.com/blog/category/nomad
https://advisories.gitlab.com/advisory/advgo_github_com_hashicorp_nomad_client_…
https://www.hashicorp.com/blog/category/nomad