CVE-2023-3300 Vulnerability Details

  /     /     /  

CVE-2023-3300 Metadata Quick Info

CVE Published: 19/07/2023 | CVE Updated: 24/10/2024 | CVE Year: 2023
Source: HashiCorp | Vendor: HashiCorp | Product: Nomad
Status : PUBLISHED

---

CVE-2023-3300 Description

HashiCorp Nomad and Nomad Enterprise 0.11.0 up to 1.5.6 and 1.4.1 HTTP search API can reveal names of available CSI plugins to unauthenticated users or users without the plugin:read policy. Fixed in 1.6.0, 1.5.7, and 1.4.1.

Metrics

CVSS Version: 3.1 | Base Score: 5.3 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-266
CWE Name: CWE-266: Incorrect Privilege Assignment
Source: HashiCorp

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID: CAPEC-1
CAPEC Description: CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs


Source: NVD (National Vulnerability Database).