Jobs in Nomad Enterprise (“Nomad”) that use the policy override option bypass mandatory Sentinel policies. This vulnerability, identified as CVE-2025-3744, is fixed in Nomad Enterprise 1.10.1, 1.9.9, and 1.8.13.
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Nomad | HashiCorp | * | 1.8.13 (excluding) |
| Nomad | HashiCorp | 1.9.0 (including) | 1.9.9 (excluding) |
| Nomad | HashiCorp | 1.10.0 (including) | 1.10.0 (including) |
| Nomad | HashiCorp | 1.10.0-beta1 (including) | 1.10.0-beta1 (including) |
| Nomad | HashiCorp | 1.10.0-rc1 (including) | 1.10.0-rc1 (including) |