| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| github.com/hashicorp/nomad | go | >= 0.9.0, <= 0.9.1 | 0.9.2 |

The vulnerability stemmed from improper capability management in Nomad's exec driver. GitHub issue #5783 explicitly states that the regression introduced in 0.9.0 allowed exec tasks to retain full Linux capabilities. The fix in #5728 would have modified the capability configuration logic, which is typically handled in executor_linux.go for Linux-specific implementations. The function responsible for setting or dropping capabilities during task initialization would be the root cause, as confirmed by the CWE-269 (Improper Privilege Management) mapping and the vendor's description of the regression.
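
One way to check whether a running task process still holds full capabilities is to decode the `CapEff` mask from `/proc/<pid>/status`. The following is an added example, not Nomad's code: the two status excerpts are constructed, the `highRisk` review list is an assumption, and `CapMask` and `RiskyCaps` are hypothetical helper names.

```go
package main

import (
	"bufio"
	"fmt"
	"strconv"
	"strings"
)

// Constructed /proc/<pid>/status excerpts (not captured from a real Nomad task).
const fullCapsStatus = "Name:\tsleep\nCapInh:\t0000000000000000\nCapPrm:\t0000003fffffffff\nCapEff:\t0000003fffffffff\nCapBnd:\t0000003fffffffff\n"
const reducedCapsStatus = "Name:\tsleep\nCapInh:\t0000000000000000\nCapPrm:\t00000000a80425fb\nCapEff:\t00000000a80425fb\nCapBnd:\t00000000a80425fb\n"

// highRisk is an assumed review list; bit numbers follow linux/capability.h.
var highRisk = []struct {
	bit  uint
	name string
}{
	{12, "CAP_NET_ADMIN"}, {16, "CAP_SYS_MODULE"}, {17, "CAP_SYS_RAWIO"},
	{19, "CAP_SYS_PTRACE"}, {21, "CAP_SYS_ADMIN"},
}

// CapMask returns the hex mask of one Cap* field (e.g. "CapEff") from status text.
func CapMask(status, field string) (uint64, error) {
	sc := bufio.NewScanner(strings.NewReader(status))
	for sc.Scan() {
		line := sc.Text()
		if strings.HasPrefix(line, field+":") {
			val := strings.TrimSpace(strings.TrimPrefix(line, field+":"))
			return strconv.ParseUint(val, 16, 64)
		}
	}
	return 0, fmt.Errorf("%s not found", field)
}

// RiskyCaps lists the high-risk capabilities that are set in mask.
func RiskyCaps(mask uint64) []string {
	var found []string
	for _, c := range highRisk {
		if mask&(1<<c.bit) != 0 {
			found = append(found, c.name)
		}
	}
	return found
}

func main() {
	for _, s := range []string{fullCapsStatus, reducedCapsStatus} {
		eff, err := CapMask(s, "CapEff")
		fmt.Printf("CapEff=%#x risky=%v err=%v\n", eff, RiskyCaps(eff), err)
	}
}
```

On a live host, pass the contents of `/proc/<pid>/status` for the task's process instead of the constructed samples.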