CNNVD-202506-1603 Information

Jun 11, 2025 cve

CNNVD ID

CNNVD-202506-1603

CVE-2025-4922

CNNVD Published: 2025-06-11

Description (Chinese)

HashiCorp Nomad Enterprise和HashiCorp Nomad Community都是美国HashiCorp公司的产品。HashiCorp Nomad Enterprise是一个 Nomad 软件的专业版。HashiCorp Nomad Community是一款工作负载调度器。 HashiCorp Nomad Enterprise和HashiCorp Nomad Community存在安全漏洞，该漏洞源于ACL策略查找不当，可能导致规则应用错误。

Description (English)

HashiCorp Nomad Enterprise and HashiCorp Nomad Community are products of the United States company HashiCorp. HashiCorp Nomad Enterprise is a professional version of Nomad software. HashiCorp Nomad Community is a task load dispatcher. There is a security loophole in HashiCorp Nomad Enterprise and HasiCorp Nomad Community, which stems from inappropriate ACL strategy searches and may lead to errors in the application of the rules.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

HashiCorp

Published

2025-06-11

Last Modified

2026-02-24

References

https://discuss.hashicorp.com/t/hcsec-2025-12-nomad-vulnerable-to-incorrect-acl-policy-lookup-attached-to-a-job/75396 https://nvd.nist.gov/vuln/detail/CVE-2025-4922

Patch

https://developer.hashicorp.com/nomad/docs/upgrade/upgrade-specific

Share on: