Skip to main content

Incorrect Privilege Assignment


Severity High
Score 9.8/10


HashiCorp Nomad and Nomad Enterprise version 0.2.0 through 1.1.13, 1.2.0-beta1 through 1.2.7, and 1.3.0-beta.1 through 1.3.0 were impacted by go-getter vulnerabilities enabling privilege escalation through the artifact stanza in submitted jobs onto the client agent host. This vulnerability is fixed in 1.1.14, 1.2.8 and 1.3.1 versions.

  • LOW
  • HIGH
  • NONE
  • NONE
  • HIGH
  • HIGH

CWE-266 - Incorrect Privilege Assignment

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

Advisory Timeline

  • Published