CVE Catalog
CVE-2023-3299
LowCVSS 3.4Exploitation Probability (EPSS)
Low risk0.49%
38th percentile — higher than 38% of all known CVEs
Summary
In HashiCorp Nomad Enterprise versions 1.2.11 to 1.5.6 and 1.4.10, ACL policies using a block without a label generate unexpected results. This issue is fixed in versions 1.6.0, 1.5.7, and 1.4.11.
Risk Assessment
Unexpected results from ACL policies may lead to unauthorized access or improper resource management in the system, posing a security risk to the organization.
Recommendation
It is recommended to upgrade to versions 1.6.0, 1.5.7, or 1.4.11 to mitigate this vulnerability.
Original NVD description (English source)
HashiCorp Nomad Enterprise 1.2.11 up to 1.5.6, and 1.4.10 ACL policies using a block without a label generates unexpected results. Fixed in 1.6.0, 1.5.7, and 1.4.11.

