VDB
CVE-2021-32575
CVE-2021-32575
PUBLISHED
HashiCorp Nomad and Nomad Enterprise up to version 1.0.4 bridge networking mode allows ARP spoofing from other bridged tasks on the same node. Fixed in 0.12.12, 1.0.5, and 1.1.0 RC1.
EPSS 0.08% · 23.7th percentile
Risk Scores
EPSS Score
0.08%
23.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:20.04:LTS | nomad | 0, 0.8.7+dfsg1-1ubuntu1 |
| Ubuntu:18.04:LTS | nomad | 0, * |
Timeline
- Jun 17, 2021 CVE Published
- Jun 19, 2021 EPSS Score
- Aug 18, 2021 EPSS Score
- Oct 18, 2021 EPSS Score
- Dec 17, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 16, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Apr 17, 2022 EPSS Score
- Jun 17, 2022 EPSS Score
- Aug 17, 2022 EPSS Score
- Oct 17, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2021-32575 third-party-advisory
- https://www.hashicorp.com/blog/category/nomad third-party-advisory
- https://discuss.hashicorp.com/t/hcsec-2021-14-nomad-bridge-networking-mode-allows-arp-spoofing-from-other-bridged-tasks-on-same-node/24296 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2021-32575 third-party-advisory