VDB

CVE-2024-12678

CVE-2024-12678 PUBLISHED CVSS 6.5 MEDIUM

Nomad Community and Nomad Enterprise ("Nomad") allocations are vulnerable to privilege escalation within a namespace through unredacted workload identity tokens. This vulnerability, identified as CVE-2024-12678, is fixed in Nomad Community Edition 1.9.4 and Nomad Enterprise 1.9.4, 1.8.8, and 1.7.16.

EPSS 0.41% · 61.6th percentile

Risk Scores

CVSS 3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score
0.41%
61.6th percentile

Affected Products

VendorProductVersions
HashiCorpNomad1.4.0, 1.4.0
github.comhashicorp/nomad0, 0, 0
hashicorpnomad1.9.0, 1.4.0, 1.8.0
HashiCorpNomad Enterprise1.4.0, 1.4.0

Timeline

  • Dec 20, 2024 CVE Published
  • Dec 20, 2024 EPSS Score
  • Dec 20, 2024 PoC Published
  • Dec 20, 2024 PoC Published
  • Dec 20, 2024 PoC Published
  • Jan 5, 2025 EPSS Score
  • Jan 22, 2025 EPSS Score
  • Feb 7, 2025 EPSS Score
  • Feb 24, 2025 EPSS Score
  • Mar 12, 2025 EPSS Score
  • Mar 28, 2025 EPSS Score
  • Apr 14, 2025 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›