#VU73272 Security features bypass in Nomad Enterprise - CVE-2023-1296

Cybersecurity Help s.r.o.

Published: 2023-03-14

Vulnerability identifier: #VU73272

Vulnerability risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-1296

CWE-ID: CWE-254

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Nomad Enterprise
Web applications / Modules and components for CMS

Vendor: HashiCorp

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to an error in the workload-associated policy with a deny capability, which was ignored for the workload's own variables. A remote attacker can bypass implemented ACLs and gain unauthorized access to the application.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Nomad Enterprise: 1.4.0 - 1.5.0

External links
https://github.com/hashicorp/nomad/issues/16349
https://github.com/hashicorp/nomad/releases/tag/v1.4.6
https://github.com/hashicorp/nomad/releases/tag/v1.5.1

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Nomad