x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-v5fm-hr72-27hx #2671

GoVulnBot · 2024-04-01T20:01:31Z

In GitHub Security Advisory GHSA-v5fm-hr72-27hx, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/hashicorp/nomad	1.5.7	>= 1.5.0, < 1.5.7

Cross references:

Module github.com/hashicorp/nomad appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-6jm6-cmcp-fqjq #560 EFFECTIVELY_PRIVATE
Module github.com/hashicorp/nomad appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-2jhh-5xm2-j4gf #573 EFFECTIVELY_PRIVATE
Module github.com/hashicorp/nomad appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-3382-r9q8-4hfg #577 EFFECTIVELY_PRIVATE
Module github.com/hashicorp/nomad appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-wmrx-57hm-mw7r #584 EFFECTIVELY_PRIVATE
Module github.com/hashicorp/nomad appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-c8x3-rg72-fwwg #591 EFFECTIVELY_PRIVATE
Module github.com/hashicorp/nomad appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-gwmc-6795-qghj #600 EFFECTIVELY_PRIVATE
Module github.com/hashicorp/nomad appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-35qp-xq9f-2rjx #622 EFFECTIVELY_PRIVATE
Module github.com/hashicorp/nomad appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/nomad/client/allocrunner/taskrunner/template: GHSA-6hv3-7c34-4hx8 #634 EFFECTIVELY_PRIVATE
Module github.com/hashicorp/nomad appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-vf6q-9f2f-mwhv #709 NOT_IMPORTABLE
Module github.com/hashicorp/nomad appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-526x-rm7j-v389 #732 NOT_IMPORTABLE
Module github.com/hashicorp/nomad appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/nomad/client/allocrunner/taskrunner/template: GHSA-77cr-6gr8-7rr9 #806 NOT_IMPORTABLE
Module github.com/hashicorp/nomad appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-cj2h-ww36-v932 #821 NOT_IMPORTABLE
Module github.com/hashicorp/nomad appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/nomad/command/agent: GHSA-h43v-26r7-7j4c #840 NOT_IMPORTABLE
Module github.com/hashicorp/nomad appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-7v3g-4878-5qrf #1062 EFFECTIVELY_PRIVATE
Module github.com/hashicorp/nomad appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-7wg4-8m5p-hrfg #1105 EFFECTIVELY_PRIVATE
Module github.com/hashicorp/nomad appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-9fmc-5fq4-5jwh #1106 EFFECTIVELY_PRIVATE
Module github.com/hashicorp/nomad appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-w479-w22g-cffh #1581 EFFECTIVELY_PRIVATE
Module github.com/hashicorp/nomad appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-rqm8-q8j9-662f #1633 EFFECTIVELY_PRIVATE
Module github.com/hashicorp/nomad appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-f8r8-h93m-mj77 #1707 EFFECTIVELY_PRIVATE
Module github.com/hashicorp/nomad appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-hhvx-8755-4cvw #1899 EFFECTIVELY_PRIVATE
Module github.com/hashicorp/nomad appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-2w2v-xcr9-mj4m #1928 EFFECTIVELY_PRIVATE
Module github.com/hashicorp/nomad appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-c866-8gpw-p3mv #2538

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/hashicorp/nomad
      versions:
        - introduced: 1.5.0
          fixed: 1.5.7
      vulnerable_at: 1.5.6
      packages:
        - package: github.com/hashicorp/nomad
    - module: github.com/hashicorp/nomad
      versions:
        - introduced: 0.11.0
          fixed: 1.4.11
      vulnerable_at: 1.4.10
      packages:
        - package: github.com/hashicorp/nomad
summary: Nomad Search API Leaks Information About CSI Plugins
cves:
    - CVE-2023-3300
ghsas:
    - GHSA-v5fm-hr72-27hx
references:
    - web: https://nvd.nist.gov/vuln/detail/CVE-2023-3300
    - web: https://discuss.hashicorp.com/t/hcsec-2023-22-nomad-search-api-leaks-information-about-csi-plugins/56272
    - fix: https://github.com/hashicorp/nomad/commit/a8789d3872bbf1b1f420f28b0f7ad8532a41d5e3
    - advisory: https://github.com/advisories/GHSA-v5fm-hr72-27hx

The text was updated successfully, but these errors were encountered:

gopherbot · 2024-04-02T20:35:31Z

Change https://go.dev/cl/575935 mentions this issue: data/reports: add GO-2024-2671.yaml

zpavlinovic self-assigned this Apr 2, 2024

gopherbot closed this as completed in 84e81a4 Apr 4, 2024

GoVulnBot mentioned this issue Aug 15, 2024

x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-25qx-vfw2-fw8r #3073

Closed

GoVulnBot mentioned this issue Nov 7, 2024

x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-2w5v-x29g-jw7j #3262

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-v5fm-hr72-27hx #2671

x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-v5fm-hr72-27hx #2671

GoVulnBot commented Apr 1, 2024

gopherbot commented Apr 2, 2024

x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-v5fm-hr72-27hx #2671

x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-v5fm-hr72-27hx #2671

Comments

GoVulnBot commented Apr 1, 2024

gopherbot commented Apr 2, 2024