CVE-2020-27195

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-27195

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-27195.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-27195

Aliases

Downstream

UBUNTU-CVE-2020-27195

Published

2020-10-22T17:15:12.597Z

Modified

2026-03-13T00:38:06.147525Z

Severity

9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator

Summary

[none]

Details

HashiCorp Nomad and Nomad Enterprise version 0.9.0 up to 0.12.5 client file sandbox feature can be subverted using either the template or artifact stanzas. Fixed in 0.12.6, 0.11.5, and 0.10.6

References

Affected packages

Git / github.com/hashicorp/nomad

Affected ranges

Type

GIT

Repo

https://github.com/hashicorp/nomad

Events

Introduced

d77075ff2053cd2e23b6a0f8b09cd43424bed792

Last affected

fce99f12a297c9f83160450bc632611877e07873

Introduced

d77075ff2053cd2e23b6a0f8b09cd43424bed792

Last affected

fce99f12a297c9f83160450bc632611877e07873

Introduced

ca5cd15eeffd40b68043c94eefff1ec7e6dc703f

Last affected

3c6abec8d4a5c1af96ac3e1910a90949390dea19

Introduced

ca5cd15eeffd40b68043c94eefff1ec7e6dc703f

Last affected

3c6abec8d4a5c1af96ac3e1910a90949390dea19

Introduced

b1aa9e2166e72b75d7e0ed39ff456393beb0f421

Last affected

ec7bf9de21bfe3623ff04b009f26aaf488bae2b1

Introduced

b1aa9e2166e72b75d7e0ed39ff456393beb0f421

Last affected

ec7bf9de21bfe3623ff04b009f26aaf488bae2b1

Database specific

{
    "versions": [
        {
            "introduced": "0.9.0"
        },
        {
            "last_affected": "0.10.5"
        },
        {
            "introduced": "0.9.0"
        },
        {
            "last_affected": "0.10.5"
        },
        {
            "introduced": "0.11.0"
        },
        {
            "last_affected": "0.11.4"
        },
        {
            "introduced": "0.11.0"
        },
        {
            "last_affected": "0.11.4"
        },
        {
            "introduced": "0.12.0"
        },
        {
            "last_affected": "0.12.5"
        },
        {
            "introduced": "0.12.0"
        },
        {
            "last_affected": "0.12.5"
        }
    ]
}

Affected versions

v0.*

v0.12.0

v0.12.1

v0.12.2

v0.12.3

v0.12.4

v0.12.4-rc1

v0.12.5

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-27195.json"