Missing Authorization Affecting github.com/hashicorp/nomad package, versions >=1.5.0 <1.5.3
Threat Intelligence
EPSS
0.14% (51st
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-GOLANG-GITHUBCOMHASHICORPNOMAD-5414882
- published 6 Apr 2023
- disclosed 6 Apr 2023
- credit HashiCorp Security and Solutions Engineering
Introduced: 6 Apr 2023
CVE-2023-1782 Open this link in a new tabHow to fix?
Upgrade github.com/hashicorp/nomad to version 1.5.3 or higher.
Overview
github.com/hashicorp/nomad is a workload orchestrator that can deploy a mix of microservice, batch, containerized, and non-containerized applications.
Affected versions of this package are vulnerable to Missing Authorization by allowing unauthenticated users to bypass intended ACL authorizations for clusters where mTLS is not enabled.
References
CVSS Scores
version 3.1