CVE-2022-3867
unknown
| CVSS v3 | CVSS v2 | VIR risk |
|---|---|---|
| — | — | — |
Description
HashiCorp Nomad vulnerable to Insufficient Session Expiration in github.com/hashicorp/nomad
Predictions
| Exploit likelihood | Patch ETA |
|---|---|
| 30% | — |
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigations ingested yet for this CVE. See the references list below.
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Go | github.com/hashicorp/nomad | >=1.4.0,<1.4.2 | 1.4.2 |
References
- https://nvd.nist.gov/vuln/detail/CVE-2022-3867
- https://github.com/hashicorp/nomad/commit/dd6a4634a9652197fe4182e830f9a737d0ae1216
- https://discuss.hashicorp.com/t/hcsec-2022-26-nomad-s-event-stream-subscriber-using-acl-token-with-ttl-receive-updates-until-garbage-collected/46168
- https://github.com/hashicorp/nomad
- https://github.com/advisories/GHSA-9fmc-5fq4-5jwh