CVE-2024-12678

CVSS V2 None CVSS V3 None

Description

Nomad Community and Nomad Enterprise ("Nomad") allocations are vulnerable to privilege escalation within a namespace through unredacted workload identity tokens. This vulnerability, identified as CVE-2024-12678, is fixed in Nomad Community Edition 1.9.4 and Nomad Enterprise 1.9.4, 1.8.8, and 1.7.16.

Overview

CVE ID
CVE-2024-12678

Assigner
HashiCorp

Vulnerability Status
PUBLISHED

Published Version
2024-12-20T01:49:40.583Z

Last Modified Date
2024-12-20T01:49:40.583Z

Weakness Enumerations

CWE	URL
CWE-266	http://cwe.mitre.org/data/definitions/266.html

References

Reference URL	Reference Tags
https://discuss.hashicorp.com/t/hcsec-2024-29-nomad-allocations-vulnerable-to-privilege-escalation-within-a-namespace-using-unredacted-workload-identity-token/72119

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2024-12678
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12678

History

Created	Old Value	New Value	Data Type	Notes
2024-12-20 13:17:10				Added to TrackCVE