x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-5x92-p4p5-33c4 #1476

GoVulnBot · 2023-01-11T06:01:34Z

In GitHub Security Advisory GHSA-5x92-p4p5-33c4, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/hashicorp/nomad	0.12.7	>= 0.9.0, < 0.12.7

Cross references:

Module github.com/hashicorp/nomad appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-6jm6-cmcp-fqjq #560 EFFECTIVELY_PRIVATE
Module github.com/hashicorp/nomad appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-2jhh-5xm2-j4gf #573 EFFECTIVELY_PRIVATE
Module github.com/hashicorp/nomad appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-3382-r9q8-4hfg #577 EFFECTIVELY_PRIVATE
Module github.com/hashicorp/nomad appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-wmrx-57hm-mw7r #584 EFFECTIVELY_PRIVATE
Module github.com/hashicorp/nomad appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-c8x3-rg72-fwwg #591 EFFECTIVELY_PRIVATE
Module github.com/hashicorp/nomad appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-gwmc-6795-qghj #600 EFFECTIVELY_PRIVATE
Module github.com/hashicorp/nomad appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-35qp-xq9f-2rjx #622 EFFECTIVELY_PRIVATE
Module github.com/hashicorp/nomad appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/nomad/client/allocrunner/taskrunner/template: GHSA-6hv3-7c34-4hx8 #634 EFFECTIVELY_PRIVATE
Module github.com/hashicorp/nomad appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-vf6q-9f2f-mwhv #709 NOT_IMPORTABLE
Module github.com/hashicorp/nomad appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-526x-rm7j-v389 #732 NOT_IMPORTABLE
CVE-2020-28348 appears in issue x/vulndb: potential Go vuln in github.com/binance-chain/tss-lib/ecdsa/keygen: GHSA-5x92-p4p5-33c4 #770 #770 EFFECTIVELY_PRIVATE
GHSA-5x92-p4p5-33c4 appears in issue x/vulndb: potential Go vuln in github.com/binance-chain/tss-lib/ecdsa/keygen: GHSA-5x92-p4p5-33c4 #770 #770 EFFECTIVELY_PRIVATE
Module github.com/hashicorp/nomad appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/nomad/client/allocrunner/taskrunner/template: GHSA-77cr-6gr8-7rr9 #806 NOT_IMPORTABLE
Module github.com/hashicorp/nomad appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-cj2h-ww36-v932 #821 NOT_IMPORTABLE
Module github.com/hashicorp/nomad appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/nomad/command/agent: GHSA-h43v-26r7-7j4c #840 NOT_IMPORTABLE
Module github.com/hashicorp/nomad appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-7v3g-4878-5qrf #1062 EFFECTIVELY_PRIVATE
Module github.com/hashicorp/nomad appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-7wg4-8m5p-hrfg #1105 EFFECTIVELY_PRIVATE
Module github.com/hashicorp/nomad appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-9fmc-5fq4-5jwh #1106 EFFECTIVELY_PRIVATE

See doc/triage.md for instructions on how to triage this report.

modules:
  - module: github.com/hashicorp/nomad
    versions:
      - introduced: 0.9.0
        fixed: 0.12.7
    packages:
      - package: github.com/hashicorp/nomad
  - module: github.com/hashicorp/nomad
    versions:
      - introduced: 0.12.0-beta1
        fixed: 0.12.8
    packages:
      - package: github.com/hashicorp/nomad/drivers/docker
  - module: github.com/hashicorp/nomad
    versions:
      - introduced: 0.11.0-beta1
        fixed: 0.11.7
    packages:
      - package: github.com/hashicorp/nomad/drivers/docker
  - module: github.com/hashicorp/nomad
    versions:
      - introduced: 0.9.0
        fixed: 0.10.8
    packages:
      - package: github.com/hashicorp/nomad/drivers/docker
description: HashiCorp Nomad and Nomad Enterprise 0.9.0 up to 0.12.7 client Docker
    file sandbox feature may be subverted when not explicitly disabled or when using
    a volume mount type. Fixed in 0.12.8, 0.11.7, and 0.10.8.
cves:
  - CVE-2020-28348
ghsas:
  - GHSA-5x92-p4p5-33c4

The text was updated successfully, but these errors were encountered:

tatianab · 2023-01-13T17:33:40Z

Duplicate of #770

tatianab added the duplicate label Jan 13, 2023

tatianab closed this as completed Jan 13, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-5x92-p4p5-33c4 #1476

x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-5x92-p4p5-33c4 #1476

GoVulnBot commented Jan 11, 2023

tatianab commented Jan 13, 2023

x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-5x92-p4p5-33c4 #1476

x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-5x92-p4p5-33c4 #1476

Comments

GoVulnBot commented Jan 11, 2023

tatianab commented Jan 13, 2023