CVE-2023-3300 MEDIUM

CVE-2023-3300: Nomad Search API Leaks Information About CSI Plugins

Vendor Hashicorp
Product Nomad
Weakness CWE-266
Published July 19, 2023
Last update October 24, 2024

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01 Description

In HashiCorp Nomad and Nomad Enterprise 0.11.0 up to 1.5.6 and 1.4.1, the HTTP search API can reveal the names of available CSI plugins to unauthenticated users or to users without the plugin:read policy. Fixed in 1.6.0, 1.5.7, and 1.4.1.

Key dates

02 Disclosure timeline

July 19, 2023 CVE published
October 24, 2024 Record updated