- Description
- Nomad Community and Nomad Enterprise (“Nomad”) are vulnerable to unintentional exposure of the workload identity token and client secret token in audit logs. This vulnerability, identified as CVE-2025-1296, is fixed in Nomad Community Edition 1.9.7 and Nomad Enterprise 1.9.7, 1.8.11, and 1.7.19.
- Source
- security@hashicorp.com
- NVD status
- Analyzed
- Products
- nomad
CVSS 3.1
- Type
- Secondary
- Base score
- 6.5
- Impact score
- 3.6
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
- security@hashicorp.com
- CWE-532
- Hype score
- Not currently trending
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hashicorp:nomad:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "626AAF2A-C4BD-49A2-B937-0A77D64E30CB",
"versionEndExcluding": "1.7.19",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:nomad:*:*:*:*:-:*:*:*",
"matchCriteriaId": "6A92234C-FAE7-41FD-BE67-031D5C60D17E",
"versionEndExcluding": "1.9.7",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:nomad:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "BFA81749-8501-417A-B3AD-5932FD1A6297",
"versionEndExcluding": "1.8.11",
"versionStartIncluding": "1.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hashicorp:nomad:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "785B5C2C-A6BB-4696-B7CC-4E6E2B8F58A1",
"versionEndExcluding": "1.9.7",
"versionStartIncluding": "1.9.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]