Vulnerability Report: GO-2024-2669
- CVE-2023-3299, GHSA-9jfx-84v9-2rr2
- Affects: github.com/hashicorp/nomad
- Published: Apr 04, 2024
- Modified: May 20, 2024
A vulnerability exists in Nomad where the API caller's ACL token secret ID is exposed to Sentinel policies.
Affected Modules
-
PathGo Versions
-
from v1.2.11 before v1.4.11, from v1.5.0 before v1.5.7
Aliases
References
- https://github.com/hashicorp/nomad/issues/17907
- https://discuss.hashicorp.com/t/hcsec-2023-21-nomad-caller-acl-tokens-secret-id-is-exposed-to-sentinel/56271
- https://vuln.go.dev/ID/GO-2024-2669.json
Credits
- anonymous4ACL24
Feedback
See anything missing or incorrect?
Suggest an edit to this report.