CVE-2023-0821
Published: 16 February 2023
Summary
CVE-2023-0821 is a medium-severity Data Amplification (CWE-409) vulnerability in Hashicorp Nomad. Its CVSS base score is 6.5 (Medium).
Operationally, ranked in the top 35.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-0807
Vulnerability details
HashiCorp Nomad and Nomad Enterprise 1.2.15 up to 1.3.8, and 1.4.3 jobs using a maliciously compressed artifact stanza source can cause excessive disk usage. Fixed in 1.2.16, 1.3.9, and 1.4.4.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Limits effects of data amplification from compressed or malicious inputs.