{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-05T18:16:30.348","vulnerabilities":[{"cve":{"id":"CVE-2024-12678","sourceIdentifier":"security@hashicorp.com","published":"2024-12-20T02:15:05.500","lastModified":"2025-12-12T20:19:49.517","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Nomad Community and Nomad Enterprise (\"Nomad\") allocations are vulnerable to privilege escalation within a namespace through unredacted workload identity tokens. This vulnerability, identified as CVE-2024-12678, is fixed in Nomad Community Edition 1.9.4 and Nomad Enterprise 1.9.4, 1.8.8, and 1.7.16."},{"lang":"es","value":"Las asignaciones de Nomad Community y Nomad Enterprise (\"Nomad\") son vulnerables a la escalada de privilegios dentro de un espacio de nombres a través de tokens de identidad de carga de trabajo sin redactar. Esta vulnerabilidad, identificada como CVE-2024-12678, se solucionó en Nomad Community Edition 1.9.4 y Nomad Enterprise 1.9.4, 1.8.8 y 1.7.16."}],"metrics":{"cvssMetricV31":[{"source":"security@hashicorp.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"security@hashicorp.com","type":"Secondary","description":[{"lang":"en","value":"CWE-266"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:hashicorp:nomad:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"1.4.0","versionEndExcluding":"1.7.16","matchCriteriaId":"5C6F2DE8-8330-42F4-9A13-7225FF7C8D14"},{"vulnerable":true,"criteria":"cpe:2.3:a:hashicorp:nomad:*:*:*:*:community:*:*:*","versionStartIncluding":"1.4.0","versionEndExcluding":"1.9.4","matchCriteriaId":"30A24C79-D0BE-4B4F-A8AC-AD73F7013C6E"},{"vulnerable":true,"criteria":"cpe:2.3:a:hashicorp:nomad:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"1.8.0","versionEndExcluding":"1.8.8","matchCriteriaId":"4C05CC84-EF49-4438-8650-1AC9AE50E2DB"},{"vulnerable":true,"criteria":"cpe:2.3:a:hashicorp:nomad:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"1.9.0","versionEndExcluding":"1.9.4","matchCriteriaId":"7A7B2EA3-2E42-4BFC-8C29-AB477467A0F8"}]}]}],"references":[{"url":"https://discuss.hashicorp.com/t/hcsec-2024-29-nomad-allocations-vulnerable-to-privilege-escalation-within-a-namespace-using-unredacted-workload-identity-token/72119","source":"security@hashicorp.com","tags":["Vendor Advisory"]}]}}]}