HashiCorp Nomad and Nomad Enterprise up to version 1.0.4 bridge networking mode allows ARP spoofing from other bridged tasks on the same node. Fixed in 0.12.12, 1.0.5, and 1.1.0 RC1.
References
Configurations
Configuration 1 (hide)
|
History
22 Jun 2021, 19:08
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.hashicorp.com/blog/category/nomad - Product | |
References | (MISC) https://discuss.hashicorp.com/t/hcsec-2021-14-nomad-bridge-networking-mode-allows-arp-spoofing-from-other-bridged-tasks-on-same-node/24296 - Patch, Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : 3.3
v3 : 6.5 |
CPE | cpe:2.3:a:hashicorp:nomad:*:*:*:*:enterprise:*:*:* cpe:2.3:a:hashicorp:nomad:*:*:*:*:-:*:*:* |
|
CWE | NVD-CWE-noinfo |
17 Jun 2021, 19:52
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-06-17 19:15
Updated : 2024-02-04 21:47
NVD link : CVE-2021-32575
Mitre link : CVE-2021-32575
CVE.ORG link : CVE-2021-32575
JSON object : View
Products Affected
hashicorp
- nomad
CWE