[Git][security-tracker-team/security-tracker][master] Add two new nomad CVEs

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9800528d by Salvatore Bonaccorso at 2023-03-15T21:42:12+01:00
Add two new nomad CVEs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1421,7 +1421,8 @@ CVE-2023-1301 (A vulnerability, which was classified as critical, has been found
 CVE-2023-1300 (A vulnerability classified as critical was found in SourceCodester COV ...)
 	NOT-FOR-US: SourceCodester
 CVE-2023-1299 (HashiCorp Nomad and Nomad Enterprise 1.5.0 allow a job submitter to es ...)
-	TODO: check
+	- nomad <not-affected> (Vulnerable code not present; Introduced in 1.5.0)
+	NOTE: https://discuss.hashicorp.com/t/hcsec-2023-08-nomad-job-submitter-privilege-escalation-using-workload-identity/51389
 CVE-2023-1298
 	RESERVED
 CVE-2023-28004
@@ -1463,7 +1464,8 @@ CVE-2023-27987
 CVE-2023-1297
 	RESERVED
 CVE-2023-1296 (HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.5.0 did not correct ...)
-	TODO: check
+	- nomad <not-affected> (Vulnerable code not present)
+	NOTE: https://discuss.hashicorp.com/t/hcsec-2023-09-nomad-acls-can-not-deny-access-to-workloads-own-variables/51390
 CVE-2023-1295
 	RESERVED
 CVE-2023-1294 (A vulnerability was found in SourceCodester File Tracker Manager Syste ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9800528d26ff33f9c7af9a68bb8d1f37bce77f8b

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9800528d26ff33f9c7af9a68bb8d1f37bce77f8b
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230315/16c6d0e9/attachment.htm>