CVE-2021-41865 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2021-41865

CWE

https://cwe.mitre.org/data/definitions/.html

HashiCorp Nomad and Nomad Enterprise 1.1.1 through 1.1.5 allowed authenticated users with job submission capabilities to cause denial of service by submitting incomplete job specifications with a Consul mesh gateway and host networking mode. Fixed in 1.1.6.

Affected Software

Name	Vendor	Start Version	End Version
Nomad	Hashicorp	1.1.1 (including)	1.1.6 (excluding)
Nomad	Ubuntu	bionic	*
Nomad	Ubuntu	focal	*
Nomad	Ubuntu	hirsute	*
Nomad	Ubuntu	trusty	*
Nomad	Ubuntu	xenial	*

References

https://discuss.hashicorp.com/t/hcsec-2021-26-nomad-denial-of-service-via-submission-of-incomplete-job-specification-using-consul-mesh-gateway-host-network/30311
https://discuss.hashicorp.com/t/hcsec-2021-26-nomad-denial-of-service-via-submission-of-incomplete-job-specification-using-consul-mesh-gateway-host-network/30311