Vulnerability Description
In HashiCorp Nomad and Nomad Enterprise versions 0.9.0 up to 0.12.5, the client file sandbox feature can be subverted using either the template or artifact stanzas. Fixed in 0.12.6, 0.11.5, and 0.10.6.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| HashiCorp | Nomad | >= 0.9.0, <= 0.10.5 |
References
- https://github.com/hashicorp/nomad/blob/master/CHANGELOG.md#0126-october-21-2020 (Release Notes, Third Party Advisory)
- https://www.nomadproject.io/downloads (Product)
FAQ
What is CVE-2020-27195?
CVE-2020-27195 is a vulnerability with a CVSS score of 9.1 (CRITICAL). In HashiCorp Nomad and Nomad Enterprise versions 0.9.0 up to 0.12.5, the client file sandbox feature can be subverted using either the template or artifact stanzas. Fixed in 0.12.6, 0.11.5, and 0.10.6.
How severe is CVE-2020-27195?
CVE-2020-27195 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-27195?
Check the references section above for vendor advisories and patch information. Affected products include: HashiCorp Nomad.