blob: 3d41337517202be0fe48d5bed80df4327ff46ec0 [file] [log] [blame]
id: GO-2024-2670
modules:
- module: github.com/hashicorp/nomad
versions:
- introduced: 0.7.0
fixed: 1.4.11
- introduced: 1.5.0
fixed: 1.5.6
vulnerable_at: 1.5.5
summary: ACL security vulnerability in github.com/hashicorp/nomad
description: |-
An ACL policy using a block without label can be applied to unexpected resources
in Nomad, a distributed, highly available scheduler designed for effortless
operations and management of applications.
cves:
- CVE-2023-3072
ghsas:
- GHSA-rpvr-38xv-xvxq
credits:
- anonymous4ACL24
references:
- web: https://discuss.hashicorp.com/t/hcsec-2023-20-nomad-acl-policies-without-label-are-applied-to-unexpected-resources/56270
review_status: REVIEWED