Privilege Escalation Affecting github.com/hashicorp/nomad package, versions >=1.5.0 <1.5.1


Severity

high

CVSS assessment made by Snyk's Security Team

Threat Intelligence

EPSS: 0.07% (33rd percentile)

  • Snyk ID SNYK-GOLANG-GITHUBCOMHASHICORPNOMAD-3358955
  • published 14 Mar 2023
  • disclosed 14 Mar 2023
  • credit tgross

How to fix?

Upgrade github.com/hashicorp/nomad to version 1.5.1 or higher.

Overview

github.com/hashicorp/nomad is a workload orchestrator that can deploy a mix of microservice, batch, containerized, and non-containerized applications.

Affected versions of this package are vulnerable to Privilege Escalation via the workload identity. If the workload identity has no attached ACL policies, it can access the Nomad HTTP API via a Unix domain socket without configuring mTLS.

Exploiting this vulnerability is possible because a workload identity without any workload-associated policies was treated as a management token, allowing users with submit-job capabilities to escalate their privileges.
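A simplified model of the bug class described above, added here as an illustration and not taken from Nomad's source: the ACL and Claims types, the policy names and the capability strings are assumptions. It shows the vulnerable resolver letting a policy-less identity fall through to the nil "management" sentinel, next to a fixed resolver that maps "no policies" to an explicit deny-all ACL.

```go
package main

// ACL is a minimal stand-in for a resolved authorization object (an
// assumption, not Nomad's type); nil is the "management token" sentinel.
type ACL struct{ Capabilities map[string]bool }

// Claims is a hypothetical workload identity carrying its attached policies.
type Claims struct{ Policies []string }

// policyStore is constructed sample data: policy name -> capabilities.
var policyStore = map[string][]string{
	"read-only":   {"read-job"},
	"node-writer": {"read-job", "node:write"},
}

// mergePolicies unions the named policies; an empty list yields an ACL that
// grants nothing, never nil. Unknown policy names contribute nothing.
func mergePolicies(names []string) *ACL {
	acl := &ACL{Capabilities: map[string]bool{}}
	for _, n := range names {
		for _, c := range policyStore[n] {
			acl.Capabilities[c] = true
		}
	}
	return acl
}

// resolveVulnerable models the pre-1.5.1 behaviour the advisory describes:
// no attached policies falls through to the nil sentinel, i.e. management.
func resolveVulnerable(c Claims) *ACL {
	if len(c.Policies) == 0 {
		return nil
	}
	return mergePolicies(c.Policies)
}

// resolveFixed never hands a workload identity the sentinel: no policies
// means an explicit empty ACL that denies every capability.
func resolveFixed(c Claims) *ACL { return mergePolicies(c.Policies) }

// Allowed is the handler-side check; the nil branch is the management
// shortcut that the vulnerable resolver reaches by accident.
func Allowed(acl *ACL, capability string) bool {
	if acl == nil {
		return true
	}
	return acl.Capabilities[capability]
}
```

For an identity with no policies, `Allowed(resolveVulnerable(Claims{}), "node:write")` returns true while `Allowed(resolveFixed(Claims{}), "node:write")` returns false; an identity that actually carries the "node-writer" policy is allowed by both resolvers.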

CVSS Scores

version 3.1

Snyk: 8.3 high
  • Attack Vector (AV): Network
  • Attack Complexity (AC): Low
  • Privileges Required (PR): Low
  • User Interaction (UI): None
  • Scope (S): Unchanged
  • Confidentiality (C): High
  • Integrity (I): High
  • Availability (A): Low

NVD: 8.8 high