Skip to main content

Authentication Bypass by Spoofing

CVE-2021-32575

Severity Medium
Score 6.5/10

Summary

HashiCorp Nomad and Nomad Enterprise up to version 1.0.4 bridge networking mode allows ARP spoofing from other bridged tasks on the same node. Fixed in 0.12.12, 1.0.5, and 1.1.0 RC1.

  • LOW
  • ADJACENT_NETWORK
  • HIGH
  • UNCHANGED
  • NONE
  • NONE
  • NONE
  • NONE

CWE-290 - Authentication Bypass by Spoofing

This attack-focused weakness is caused by improperly implemented authentication schemes that are subject to spoofing attacks.

Advisory Timeline

  • Published