CVE Catalog

CVE-2023-3299

LowCVSS 3.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.49%

38th percentile — higher than 38% of all known CVEs

Summary

In HashiCorp Nomad Enterprise versions 1.2.11 to 1.5.6 and 1.4.10, ACL policies using a block without a label generate unexpected results. This issue is fixed in versions 1.6.0, 1.5.7, and 1.4.11.

Risk Assessment

Unexpected results from ACL policies may lead to unauthorized access or improper resource management in the system, posing a security risk to the organization.

Recommendation

It is recommended to upgrade to versions 1.6.0, 1.5.7, or 1.4.11 to mitigate this vulnerability.

Original NVD description (English source)

HashiCorp Nomad Enterprise 1.2.11 up to 1.5.6, and 1.4.10 ACL policies using a block without a label generates unexpected results. Fixed in 1.6.0, 1.5.7, and 1.4.11.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS