HashiCorp Nomad vulnerable to Insufficient Session Expiration
Low severity
GitHub Reviewed
Published
Nov 10, 2022
to the GitHub Advisory Database
•
Updated Mar 31, 2023
Package
Affected versions
>= 1.4.0, < 1.4.2
Patched versions
1.4.2
Description
Published by the National Vulnerability Database
Nov 10, 2022
Published to the GitHub Advisory Database
Nov 10, 2022
Reviewed
Nov 10, 2022
Last updated
Mar 31, 2023
HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 event stream subscribers using a token with TTL receive updates until token garbage is collected. Fixed in 1.4.2.
References