VDB
CVE-2020-27195
CVE-2020-27195
PUBLISHED
HashiCorp Nomad and Nomad Enterprise version 0.9.0 up to 0.12.5 client file sandbox feature can be subverted using either the template or artifact stanzas. Fixed in 0.12.6, 0.11.5, and 0.10.6
EPSS 0.31% · 54.1th percentile
Risk Scores
EPSS Score
0.31%
54.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:20.04:LTS | nomad | 0, 0.8.7+dfsg1-1ubuntu1 |
| Ubuntu:18.04:LTS | nomad | 0, * |
Timeline
- Oct 22, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 22, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 27, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 5, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-27195 third-party-advisory
- https://github.com/hashicorp/nomad/commit/a8ea7c5f421297db434b45046fca7a9deef6df85 third-party-advisory
- https://github.com/hashicorp/nomad/blob/master/CHANGELOG.md#0126-october-21-2020 third-party-advisory
- https://www.nomadproject.io/downloads third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-27195 third-party-advisory