Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-43415

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-03 Dec, 2021 | 21:20
Updated At-04 Aug, 2024 | 03:55
Rejected At-
Credits

HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0, with the QEMU task driver enabled, allowed authenticated users with job submission capabilities to bypass the configured allowed image paths. Fixed in 1.0.14, 1.1.8, and 1.2.1.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:03 Dec, 2021 | 21:20
Updated At:04 Aug, 2024 | 03:55
Rejected At:
▼CVE Numbering Authority (CNA)

HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0, with the QEMU task driver enabled, allowed authenticated users with job submission capabilities to bypass the configured allowed image paths. Fixed in 1.0.14, 1.1.8, and 1.2.1.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.hashicorp.com/blog/category/nomad
x_refsource_MISC
https://discuss.hashicorp.com/t/hcsec-2021-31-nomad-qemu-task-driver-allowed-paths-bypass-with-job-args/32288
x_refsource_MISC
Hyperlink: https://www.hashicorp.com/blog/category/nomad
Resource:
x_refsource_MISC
Hyperlink: https://discuss.hashicorp.com/t/hcsec-2021-31-nomad-qemu-task-driver-allowed-paths-bypass-with-job-args/32288
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.hashicorp.com/blog/category/nomad
x_refsource_MISC
x_transferred
https://discuss.hashicorp.com/t/hcsec-2021-31-nomad-qemu-task-driver-allowed-paths-bypass-with-job-args/32288
x_refsource_MISC
x_transferred
Hyperlink: https://www.hashicorp.com/blog/category/nomad
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://discuss.hashicorp.com/t/hcsec-2021-31-nomad-qemu-task-driver-allowed-paths-bypass-with-job-args/32288
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:03 Dec, 2021 | 22:15
Updated At:08 Aug, 2023 | 14:22

HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0, with the QEMU task driver enabled, allowed authenticated users with job submission capabilities to bypass the configured allowed image paths. Fixed in 1.0.14, 1.1.8, and 1.2.1.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary2.06.0MEDIUM
AV:N/AC:M/Au:S/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 6.0
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:S/C:P/I:P/A:P
CPE Matches
HashiCorp, Inc.
hashicorp
>>nomad>>Versions from 1.0.0(inclusive) to 1.0.14(exclusive)
cpe:2.3:a:hashicorp:nomad:*:*:*:*:-:*:*:*
HashiCorp, Inc.
hashicorp
>>nomad>>Versions from 1.0.0(inclusive) to 1.0.14(exclusive)
cpe:2.3:a:hashicorp:nomad:*:*:*:*:enterprise:*:*:*
HashiCorp, Inc.
hashicorp
>>nomad>>Versions from 1.1.0(inclusive) to 1.1.8(exclusive)
cpe:2.3:a:hashicorp:nomad:*:*:*:*:-:*:*:*
HashiCorp, Inc.
hashicorp
>>nomad>>Versions from 1.1.0(inclusive) to 1.1.8(exclusive)
cpe:2.3:a:hashicorp:nomad:*:*:*:*:enterprise:*:*:*
HashiCorp, Inc.
hashicorp
>>nomad>>1.2.0
cpe:2.3:a:hashicorp:nomad:1.2.0:-:*:*:-:*:*:*
HashiCorp, Inc.
hashicorp
>>nomad>>1.2.0
cpe:2.3:a:hashicorp:nomad:1.2.0:-:*:*:enterprise:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-OtherPrimarynvd@nist.gov
CWE ID: NVD-CWE-Other
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://discuss.hashicorp.com/t/hcsec-2021-31-nomad-qemu-task-driver-allowed-paths-bypass-with-job-args/32288cve@mitre.org
Mitigation
Vendor Advisory
https://www.hashicorp.com/blog/category/nomadcve@mitre.org
Product
Vendor Advisory
Hyperlink: https://discuss.hashicorp.com/t/hcsec-2021-31-nomad-qemu-task-driver-allowed-paths-bypass-with-job-args/32288
Source: cve@mitre.org
Resource:
Mitigation
Vendor Advisory
Hyperlink: https://www.hashicorp.com/blog/category/nomad
Source: cve@mitre.org
Resource:
Product
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

8Records found
CVE-2021-41805
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-6.55% / 90.75%
||
7 Day CHG~0.00%
Published-12 Dec, 2021 | 04:51
Updated-04 Aug, 2024 | 03:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HashiCorp Consul Enterprise before 1.8.17, 1.9.x before 1.9.11, and 1.10.x before 1.10.4 has Incorrect Access Control. An ACL token (with the default operator:write permissions) in one namespace can be used for unintended privilege escalation in a different namespace.

Action-Not Available
Vendor-n/aHashiCorp, Inc.
Product-consuln/a
CWE ID-CWE-863
Incorrect Authorization
CVE-2021-37219
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.72% / 81.62%
||
7 Day CHG~0.00%
Published-07 Sep, 2021 | 11:33
Updated-04 Aug, 2024 | 01:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HashiCorp Consul and Consul Enterprise 1.10.1 Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege escalation. Fixed in 1.8.15, 1.9.9 and 1.10.2.

Action-Not Available
Vendor-n/aHashiCorp, Inc.
Product-consuln/a
CWE ID-CWE-295
Improper Certificate Validation
CVE-2021-36230
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.55% / 67.05%
||
7 Day CHG~0.00%
Published-20 Jul, 2021 | 20:53
Updated-04 Aug, 2024 | 00:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HashiCorp Terraform Enterprise releases up to v202106-1 did not properly perform authorization checks on a subset of API requests executed using the run token, allowing privilege escalation to organization owner. Fixed in v202107-1.

Action-Not Available
Vendor-n/aHashiCorp, Inc.
Product-terraformn/a
CWE ID-CWE-863
Incorrect Authorization
CVE-2024-7594
Matching Score-8
Assigner-HashiCorp Inc.
ShareView Details
Matching Score-8
Assigner-HashiCorp Inc.
CVSS Score-7.5||HIGH
EPSS-0.16% / 37.52%
||
7 Day CHG~0.00%
Published-26 Sep, 2024 | 19:52
Updated-08 Aug, 2025 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default

Vault’s SSH secrets engine did not require the valid_principals list to contain a value by default. If the valid_principals and default_user fields of the SSH secrets engine configuration are not set, an SSH certificate requested by an authorized user to Vault’s SSH secrets engine could be used to authenticate as any user on the host. Fixed in Vault Community Edition 1.17.6, and in Vault Enterprise 1.17.6, 1.16.10, and 1.15.15.

Action-Not Available
Vendor-HashiCorp, Inc.
Product-vaultVaultVault Enterprisevault_enterprisevault_community_edition
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2023-1299
Matching Score-8
Assigner-HashiCorp Inc.
ShareView Details
Matching Score-8
Assigner-HashiCorp Inc.
CVSS Score-7.4||HIGH
EPSS-0.15% / 36.09%
||
7 Day CHG~0.00%
Published-14 Mar, 2023 | 14:46
Updated-27 Feb, 2025 | 15:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Nomad Job Submitter Privilege Escalation Using Workload Identity

HashiCorp Nomad and Nomad Enterprise 1.5.0 allow a job submitter to escalate to management-level privileges using workload identity and task API. Fixed in 1.5.1.

Action-Not Available
Vendor-HashiCorp, Inc.
Product-nomadNomad EnterpriseNomad
CWE ID-CWE-862
Missing Authorization
CVE-2025-3879
Matching Score-8
Assigner-HashiCorp Inc.
ShareView Details
Matching Score-8
Assigner-HashiCorp Inc.
CVSS Score-6.6||MEDIUM
EPSS-0.06% / 17.47%
||
7 Day CHG~0.00%
Published-02 May, 2025 | 16:15
Updated-12 Aug, 2025 | 01:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Vault’s Azure Authentication Method bound_location Restriction Could be Bypassed on Login

Vault Community, Vault Enterprise (“Vault”) Azure Auth method did not correctly validate the claims in the Azure-issued token, resulting in the potential bypass of the bound_locations parameter on login. Fixed in Vault Community Edition 1.19.1 and Vault Enterprise 1.19.1, 1.18.7, 1.17.14, 1.16.18.

Action-Not Available
Vendor-HashiCorp, Inc.
Product-vaultVault EnterpriseVault
CWE ID-CWE-863
Incorrect Authorization
CVE-2021-40862
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.51% / 65.46%
||
7 Day CHG~0.00%
Published-15 Sep, 2021 | 18:03
Updated-04 Aug, 2024 | 02:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HashiCorp Terraform Enterprise up to v202108-1 contained an API endpoint that erroneously disclosed a sensitive URL to authenticated parties, which could be used for privilege escalation or unauthorized modification of a Terraform configuration. Fixed in v202109-1.

Action-Not Available
Vendor-n/aHashiCorp, Inc.
Product-terraform_enterprisen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-37218
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.17% / 38.16%
||
7 Day CHG~0.00%
Published-07 Sep, 2021 | 11:40
Updated-04 Aug, 2024 | 01:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HashiCorp Nomad and Nomad Enterprise Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege escalation. Fixed in 1.0.10 and 1.1.4.

Action-Not Available
Vendor-n/aHashiCorp, Inc.
Product-nomadn/a
CWE ID-CWE-295
Improper Certificate Validation
Details not found