Incorrect Privilege Assignment

CVE-2024-12678

Medium

6.5/10

Summary

Nomad Community and Nomad Enterprise ("Nomad") allocations are vulnerable to privilege escalation within a namespace through unredacted workload identity tokens. This vulnerability affects Nomad Community Edition prior to 1.9.4 and Nomad Enterprise prior to 1.7.16, 1.8.0 prior to 1.8.8, and 1.9.0 prior to 1.9.4.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-266 - Incorrect Privilege Assignment

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

References

Advisory
Advisory
Pull request
Advisory

Advisory Timeline

Published Dec 20, 2024

Incorrect Privilege Assignment

CVE-2024-12678

Summary

CWE-266 - Incorrect Privilege Assignment

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS