HashiCorp Nomad and Nomad Enterprise up to 0.10.2 incorrectly validated role/region associated with TLS certificates used for mTLS RPC, and were susceptible to privilege escalation. Fixed in 0.10.3.
{ "github_reviewed_at": "2021-05-13T14:53:36Z", "severity": "HIGH", "nvd_published_at": null, "github_reviewed": true, "cwe_ids": [ "CWE-295" ] }