{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-0937", "assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc", "state": "PUBLISHED", "assignerShortName": "HashiCorp", "dateReserved": "2025-01-31T17:42:01.531Z", "datePublished": "2025-02-12T18:59:25.011Z", "dateUpdated": "2025-02-12T19:32:54.537Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["64 bit", "32 bit", "x86", "ARM", "MacOS", "Windows", "Linux"], "product": "Nomad", "repo": "https://github.com/hashicorp/nomad", "vendor": "HashiCorp", "versions": [{"lessThan": "1.9.6", "status": "affected", "version": "1.0.0", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "platforms": ["64 bit", "32 bit", "x86", "ARM", "MacOS", "Windows", "Linux"], "product": "Nomad Enterprise", "repo": "https://github.com/hashicorp/nomad", "vendor": "HashiCorp", "versions": [{"changes": [{"at": "1.8.10", "status": "unaffected"}, {"at": "1.7.18", "status": "unaffected"}], "lessThan": "1.9.6", "status": "affected", "version": "1.0.0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Nomad Community and Nomad Enterprise (\"Nomad\") event stream configured with a wildcard namespace can bypass the ACL Policy allowing reads on other namespaces.</p><br/>"}], "value": "Nomad Community and Nomad Enterprise (\"Nomad\") event stream configured with a wildcard namespace can bypass the ACL Policy allowing reads on other namespaces."}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233: Privilege Escalation"}]}], "metrics": [{"cvssV3_1": {"baseScore": 7.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-863", "description": "CWE-863: Incorrect Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc", "shortName": "HashiCorp", "dateUpdated": "2025-02-12T18:59:25.011Z"}, "references": [{"url": "https://discuss.hashicorp.com/t/hcsec-2025-02-nomad-vulnerable-to-event-stream-namespace-acl-policy-bypass-through-wildcard-namespace/73191"}], "source": {"advisory": "HCSEC-2025-02", "discovery": "INTERNAL"}, "title": "Nomad Vulnerable To Event Stream Namespace ACL Policy Bypass Through Wildcard Namespace"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-12T19:32:44.227668Z", "id": "CVE-2025-0937", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-12T19:32:54.537Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-0937", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-02-12T19:32:44.227668Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-12T19:32:49.894Z"}}], "cna": {"title": "Nomad Vulnerable To Event Stream Namespace ACL Policy Bypass Through Wildcard Namespace", "source": {"advisory": "HCSEC-2025-02", "discovery": "INTERNAL"}, "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "CAPEC-233: Privilege Escalation"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 7.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/hashicorp/nomad", "vendor": "HashiCorp", "product": "Nomad", "versions": [{"status": "affected", "version": "1.0.0", "lessThan": "1.9.6", "versionType": "semver"}], "platforms": ["64 bit", "32 bit", "x86", "ARM", "MacOS", "Windows", "Linux"], "defaultStatus": "unaffected"}, {"repo": "https://github.com/hashicorp/nomad", "vendor": "HashiCorp", "product": "Nomad Enterprise", "versions": [{"status": "affected", "changes": [{"at": "1.8.10", "status": "unaffected"}, {"at": "1.7.18", "status": "unaffected"}], "version": "1.0.0", "lessThan": "1.9.6", "versionType": "semver"}], "platforms": ["64 bit", "32 bit", "x86", "ARM", "MacOS", "Windows", "Linux"], "defaultStatus": "unaffected"}], "references": [{"url": "https://discuss.hashicorp.com/t/hcsec-2025-02-nomad-vulnerable-to-event-stream-namespace-acl-policy-bypass-through-wildcard-namespace/73191"}], "descriptions": [{"lang": "en", "value": "Nomad Community and Nomad Enterprise (\"Nomad\") event stream configured with a wildcard namespace can bypass the ACL Policy allowing reads on other namespaces.", "supportingMedia": [{"type": "text/html", "value": "<p>Nomad Community and Nomad Enterprise (\"Nomad\") event stream configured with a wildcard namespace can bypass the ACL Policy allowing reads on other namespaces.</p><br/>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-863", "description": "CWE-863: Incorrect Authorization"}]}], "providerMetadata": {"orgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc", "shortName": "HashiCorp", "dateUpdated": "2025-02-12T18:59:25.011Z"}}}, "cveMetadata": {"cveId": "CVE-2025-0937", "state": "PUBLISHED", "dateUpdated": "2025-02-12T19:32:54.537Z", "dateReserved": "2025-01-31T17:42:01.531Z", "assignerOrgId": "67fedba0-ff2e-4543-ba5b-aa93e87718cc", "datePublished": "2025-02-12T18:59:25.011Z", "assignerShortName": "HashiCorp"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hashicorp:nomad:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "7B87D926-0E01-42CC-ACB0-228B6827FB18", "versionEndExcluding": "1.7.18", "versionStartIncluding": "1.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:hashicorp:nomad:*:*:*:*:-:*:*:*", "matchCriteriaId": "6111E2D5-3811-40DD-B1D6-45154D57FF0A", "versionEndExcluding": "1.9.6", "versionStartIncluding": "1.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:hashicorp:nomad:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "8E556A0A-3BA8-4712-8509-A26F611F3EA6", "versionEndExcluding": "1.8.10", "versionStartIncluding": "1.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:hashicorp:nomad:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "031404A5-C074-44AF-AE6D-B6A6AD8F7451", "versionEndExcluding": "1.9.6", "versionStartIncluding": "1.9.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Nomad Community and Nomad Enterprise (\"Nomad\") event stream configured with a wildcard namespace can bypass the ACL Policy allowing reads on other namespaces."}, {"lang": "es", "value": "El flujo de eventos de Nomad Community y Nomad Enterprise (\"Nomad\") configurado con un espacio de nombres comod\u00edn puede omitir la pol\u00edtica de ACL y permitir lecturas en otros espacios de nombres."}], "id": "CVE-2025-0937", "lastModified": "2025-12-15T21:07:54.137", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.2, "source": "security@hashicorp.com", "type": "Secondary"}]}, "published": "2025-02-12T19:15:09.687", "references": [{"source": "security@hashicorp.com", "tags": ["Vendor Advisory"], "url": "https://discuss.hashicorp.com/t/hcsec-2025-02-nomad-vulnerable-to-event-stream-namespace-acl-policy-bypass-through-wildcard-namespace/73191"}], "sourceIdentifier": "security@hashicorp.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "security@hashicorp.com", "type": "Secondary"}]}

{"bugzilla": {"description": "nomad: Nomad Vulnerable To Event Stream Namespace ACL Policy Bypass Through Wildcard Namespace", "id": "2345327", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345327"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "status": "draft"}, "cwe": "CWE-863", "details": ["Nomad Community and Nomad Enterprise (\"Nomad\") event stream configured with a wildcard namespace can bypass the ACL Policy allowing reads on other namespaces.", "A flaw was discovered in Hashicorp Nomad. In affected versions of this package, the vulnerability is exploitable when reading from the event stream endpoint with a wildcard namespace, which can be used to bypass the ACL policy checks that would not otherwise permit access to a given namespace due to a discrepancy in how ACL wildcards are validated."], "mitigation": {"lang": "en:us", "value": "No mitigation is available for this issue other than updating the affected package to the version containing the fix."}, "name": "CVE-2025-0937", "package_state": [{"cpe": "cpe:/a:redhat:openshift_distributed_tracing:3", "fix_state": "Not affected", "package_name": "rhosdt/opentelemetry-collector-rhel8", "product_name": "Red Hat OpenShift distributed tracing 3"}, {"cpe": "cpe:/a:redhat:openshift_distributed_tracing:3", "fix_state": "Not affected", "package_name": "rhosdt/opentelemetry-operator-bundle", "product_name": "Red Hat OpenShift distributed tracing 3"}, {"cpe": "cpe:/a:redhat:openshift_distributed_tracing:3", "fix_state": "Not affected", "package_name": "rhosdt/opentelemetry-rhel8-operator", "product_name": "Red Hat OpenShift distributed tracing 3"}, {"cpe": "cpe:/a:redhat:openshift_distributed_tracing:3", "fix_state": "Not affected", "package_name": "rhosdt/opentelemetry-target-allocator-rhel8", "product_name": "Red Hat OpenShift distributed tracing 3"}], "public_date": "2025-02-12T18:59:25Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-0937\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-0937\nhttps://discuss.hashicorp.com/t/hcsec-2025-02-nomad-vulnerable-to-event-stream-namespace-acl-policy-bypass-through-wildcard-namespace/73191"], "statement": "HashiCorp Nomad is a third party dependency in Red Hat Distributed Tracing. The affected codebase of HashiCorp Nomad is not shipped in Red Hat Distributed Tracing.", "threat_severity": "Important"}

{}