{ "id": "CVE-2024-12678", "sourceIdentifier": "security@hashicorp.com", "published": "2024-12-20T02:15:05.500", "lastModified": "2024-12-20T02:15:05.500", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Nomad Community and Nomad Enterprise (\"Nomad\") allocations are vulnerable to privilege escalation within a namespace through unredacted workload identity tokens. This vulnerability, identified as CVE-2024-12678, is fixed in Nomad Community Edition 1.9.4 and Nomad Enterprise 1.9.4, 1.8.8, and 1.7.16." }, { "lang": "es", "value": "Las asignaciones de Nomad Community y Nomad Enterprise (\"Nomad\") son vulnerables a la escalada de privilegios dentro de un espacio de nombres a trav\u00e9s de tokens de identidad de carga de trabajo sin redactar. Esta vulnerabilidad, identificada como CVE-2024-12678, se solucion\u00f3 en Nomad Community Edition 1.9.4 y Nomad Enterprise 1.9.4, 1.8.8 y 1.7.16." } ], "metrics": { "cvssMetricV31": [ { "source": "security@hashicorp.com", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE" }, "exploitabilityScore": 2.8, "impactScore": 3.6 } ] }, "weaknesses": [ { "source": "security@hashicorp.com", "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-266" } ] } ], "references": [ { "url": "https://discuss.hashicorp.com/t/hcsec-2024-29-nomad-allocations-vulnerable-to-privilege-escalation-within-a-namespace-using-unredacted-workload-identity-token/72119", "source": "security@hashicorp.com" } ] }