CVE-2020-27195

NameCVE-2020-27195
DescriptionHashiCorp Nomad and Nomad Enterprise version 0.9.0 up to 0.12.5 client file sandbox feature can be subverted using either the template or artifact stanzas. Fixed in 0.12.6, 0.11.5, and 0.10.6
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium
Debian Bugs972795

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
nomad (PTS)bullseye, sid0.10.5+dfsg1-3vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
nomadsource(unstable)(unfixed)972795

Notes

https://github.com/hashicorp/nomad/issues/9129
https://github.com/hashicorp/nomad/commit/a8ea7c5f421297db434b45046fca7a9deef6df85 (0.12.6)

Search for package or bug name: Reporting problems