CVE-2021-3283
7.5 HIGHHashiCorp Nomad and Nomad Enterprise up to 0.12.9 exec and java task drivers can access processes associated with other tasks on the same...
Published: 2021-02-01 · Last updated: 2026-06-17
Severity and scoring
- CVSS
- 7.5 HIGH
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected products
| Vendor | Product |
|---|---|
| hashicorp | nomad |
Description
HashiCorp Nomad and Nomad Enterprise up to 0.12.9 exec and java task drivers can access processes associated with other tasks on the same node. Fixed in 0.12.10, and 1.0.3.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2021-3283
- [Vendor advisory]https://discuss.hashicorp.com/t/hcsec-2021-01-nomad-s-exec-and-java-task-drivers-did-not-isolate-processes/20332
- [Vendor advisory]https://discuss.hashicorp.com/t/hcsec-2021-01-nomad-s-exec-and-java-task-drivers-did-not-isolate-processes/20332
Related CVEs
Same vendor
- CVE-2021-42135 — HashiCorp Vault and Vault Enterprise 1.8.x through 1.8.4 may have an unexpected interaction between glob-related policies and the Google ... (8.1 HIGH)
- CVE-2021-41802 — HashiCorp Vault and Vault Enterprise through 1.7.4 and 1.8.3 allowed a user with write permission to an entity alias ID sharing a mount a... (2.9 LOW)
- CVE-2021-41865 — HashiCorp Nomad and Nomad Enterprise 1.1.1 through 1.1.5 allowed authenticated users with job submission capabilities to cause denial of ... (6.5 MEDIUM)
- CVE-2021-40862 — HashiCorp Terraform Enterprise up to v202108-1 contained an API endpoint that erroneously disclosed a sensitive URL to authenticated part... (8.8 HIGH)
- CVE-2021-38698 — HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access... (6.5 MEDIUM)