HashiCorp Nomad and Nomad Enterprise 0.11.0 up to 1.5.6 and 1.4.1 HTTP search API can reveal names of available CSI plugins to unauthenticated users or users without the plugin:read policy. Fixed in 1.6.0, 1.5.7, and 1.4.1.
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Nomad | Hashicorp | 0.11.0 (including) | 1.4.1 (including) |
Nomad | Hashicorp | 1.5.0 (including) | 1.5.6 (including) |
Nomad | Ubuntu | bionic | * |
Nomad | Ubuntu | trusty | * |
Nomad | Ubuntu | xenial | * |