x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-2w2v-xcr9-mj4m #1928

GoVulnBot · 2023-07-15T00:01:18Z

In GitHub Security Advisory GHSA-2w2v-xcr9-mj4m, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/hashicorp/nomad	0.9.2	>= 0.9.0, <= 0.9.1

Cross references:

Module github.com/hashicorp/nomad appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-6jm6-cmcp-fqjq #560 EFFECTIVELY_PRIVATE
Module github.com/hashicorp/nomad appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-2jhh-5xm2-j4gf #573 EFFECTIVELY_PRIVATE
Module github.com/hashicorp/nomad appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-3382-r9q8-4hfg #577 EFFECTIVELY_PRIVATE
Module github.com/hashicorp/nomad appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-wmrx-57hm-mw7r #584 EFFECTIVELY_PRIVATE
Module github.com/hashicorp/nomad appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-c8x3-rg72-fwwg #591 EFFECTIVELY_PRIVATE
Module github.com/hashicorp/nomad appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-gwmc-6795-qghj #600 EFFECTIVELY_PRIVATE
Module github.com/hashicorp/nomad appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-35qp-xq9f-2rjx #622 EFFECTIVELY_PRIVATE
Module github.com/hashicorp/nomad appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/nomad/client/allocrunner/taskrunner/template: GHSA-6hv3-7c34-4hx8 #634 EFFECTIVELY_PRIVATE
Module github.com/hashicorp/nomad appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-vf6q-9f2f-mwhv #709 NOT_IMPORTABLE
Module github.com/hashicorp/nomad appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-526x-rm7j-v389 #732 NOT_IMPORTABLE
Module github.com/hashicorp/nomad appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/nomad/client/allocrunner/taskrunner/template: GHSA-77cr-6gr8-7rr9 #806 NOT_IMPORTABLE
Module github.com/hashicorp/nomad appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-cj2h-ww36-v932 #821 NOT_IMPORTABLE
Module github.com/hashicorp/nomad appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/nomad/command/agent: GHSA-h43v-26r7-7j4c #840 NOT_IMPORTABLE
Module github.com/hashicorp/nomad appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-7v3g-4878-5qrf #1062 EFFECTIVELY_PRIVATE
Module github.com/hashicorp/nomad appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-7wg4-8m5p-hrfg #1105 EFFECTIVELY_PRIVATE
Module github.com/hashicorp/nomad appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-9fmc-5fq4-5jwh #1106 EFFECTIVELY_PRIVATE
Module github.com/hashicorp/nomad appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-w479-w22g-cffh #1581 EFFECTIVELY_PRIVATE
Module github.com/hashicorp/nomad appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-rqm8-q8j9-662f #1633 EFFECTIVELY_PRIVATE
Module github.com/hashicorp/nomad appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-f8r8-h93m-mj77 #1707 EFFECTIVELY_PRIVATE
Module github.com/hashicorp/nomad appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-hhvx-8755-4cvw #1899 EFFECTIVELY_PRIVATE

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/hashicorp/nomad
      versions:
        - introduced: TODO (earliest fixed "0.9.2", vuln range ">= 0.9.0, <= 0.9.1")
      vulnerable_at: 1.5.6
      packages:
        - package: github.com/hashicorp/nomad
summary: Hashicorp Nomad Access Control Issues
description: |-
    HashiCorp Nomad 0.9.0 through 0.9.1 has Incorrect Access Control via the exec
    driver.
cves:
    - CVE-2019-12618
ghsas:
    - GHSA-2w2v-xcr9-mj4m
references:
    - web: https://nvd.nist.gov/vuln/detail/CVE-2019-12618
    - report: https://github.com/hashicorp/nomad/issues/5783
    - web: https://www.hashicorp.com/blog/category/nomad
    - web: https://www.hashicorp.com/blog/hashicorp-nomad-0-9-2
    - advisory: https://github.com/advisories/GHSA-2w2v-xcr9-mj4m

The text was updated successfully, but these errors were encountered:

gopherbot · 2023-07-25T21:19:44Z

Change https://go.dev/cl/513195 mentions this issue: data/excluded: batch add 26 excluded reports

gopherbot · 2024-06-14T17:44:21Z

Change https://go.dev/cl/592761 mentions this issue: data/reports: unexclude 75 reports

gopherbot · 2024-08-20T16:54:24Z

Change https://go.dev/cl/606788 mentions this issue: data/reports: unexclude 20 reports (8)

- data/reports/GO-2023-1912.yaml - data/reports/GO-2023-1915.yaml - data/reports/GO-2023-1919.yaml - data/reports/GO-2023-1922.yaml - data/reports/GO-2023-1924.yaml - data/reports/GO-2023-1925.yaml - data/reports/GO-2023-1927.yaml - data/reports/GO-2023-1928.yaml - data/reports/GO-2023-1931.yaml - data/reports/GO-2023-1932.yaml - data/reports/GO-2023-1936.yaml - data/reports/GO-2023-1938.yaml - data/reports/GO-2023-1939.yaml - data/reports/GO-2023-1940.yaml - data/reports/GO-2023-1942.yaml - data/reports/GO-2023-1945.yaml - data/reports/GO-2023-1946.yaml - data/reports/GO-2023-1948.yaml - data/reports/GO-2023-1950.yaml - data/reports/GO-2023-1952.yaml Updates #1912 Updates #1915 Updates #1919 Updates #1922 Updates #1924 Updates #1925 Updates #1927 Updates #1928 Updates #1931 Updates #1932 Updates #1936 Updates #1938 Updates #1939 Updates #1940 Updates #1942 Updates #1945 Updates #1946 Updates #1948 Updates #1950 Updates #1952 Change-Id: Id25f09c8f7270af68238752db96d6a399b91ef36 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/606788 Auto-Submit: Tatiana Bradley <tatianabradley@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Damien Neil <dneil@google.com>

neild self-assigned this Jul 25, 2023

neild added the excluded: EFFECTIVELY_PRIVATE label Jul 25, 2023

gopherbot closed this as completed in c30dc8f Jul 25, 2023

GoVulnBot mentioned this issue Feb 9, 2024

x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-c866-8gpw-p3mv #2538

Closed

GoVulnBot mentioned this issue Aug 15, 2024

x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-25qx-vfw2-fw8r #3073

Closed

GoVulnBot mentioned this issue Nov 7, 2024

x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-2w5v-x29g-jw7j #3262

Closed

GoVulnBot mentioned this issue Dec 20, 2024

x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-hr68-hvgv-xxqf #3354

Closed

GoVulnBot mentioned this issue Mar 10, 2025

x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-c3q9-q986-vrwh #3510

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-2w2v-xcr9-mj4m #1928

x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-2w2v-xcr9-mj4m #1928

GoVulnBot commented Jul 15, 2023

gopherbot commented Jul 25, 2023

gopherbot commented Jun 14, 2024

gopherbot commented Aug 20, 2024

x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-2w2v-xcr9-mj4m #1928

x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-2w2v-xcr9-mj4m #1928

Comments

GoVulnBot commented Jul 15, 2023

gopherbot commented Jul 25, 2023

gopherbot commented Jun 14, 2024

gopherbot commented Aug 20, 2024