CVE-2020-28348

NameCVE-2020-28348
DescriptionHashiCorp Nomad and Nomad Enterprise 0.9.0 up to 0.12.7 client Docker file sandbox feature may be subverted when not explicitly disabled or when using a volume mount type. Fixed in 0.12.8, 0.11.7, and 0.10.8.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium
Debian Bugs976593

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
nomad (PTS)bullseye0.10.9+dfsg1-1fixed
sid0.12.9+dfsg1-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
nomadsource(unstable)0.10.9+dfsg1-1976593

Notes

https://github.com/hashicorp/nomad/issues/9303

Search for package or bug name: Reporting problems