Nixpkgs security tracker

Login with GitHub

Suggestions search

Published
Filter by:
With package: nomad_1_10

Found 2 matching suggestions

View:
Compact
Detailed
Permalink CVE-2026-7474
8.8 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): Low (L)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): High (H)
  • Integrity (I): High (H)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): Low (L)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): High (H)
  • Modified Availability (MA): High (H)
updated 6 hours ago by @LeSuisse Activity log
  • Created suggestion 12 hours ago
  • @LeSuisse ignored
    13 packages
    • git-nomad
    • nomad-pack
    • nomad-autoscaler
    • nomad-driver-podman
    • nomad-driver-containerd
    • terraform-providers.nomad
    • python312Packages.nomadnet
    • python313Packages.nomadnet
    • python314Packages.nomadnet
    • python312Packages.python-nomad
    • python313Packages.python-nomad
    • python314Packages.python-nomad
    • terraform-providers.hashicorp_nomad
    7 hours ago
  • @LeSuisse accepted 7 hours ago
  • @LeSuisse published on GitHub 6 hours ago
Nomad vulnerable to path traversal in dynamic host volume which may lead to code execution

HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to code execution on the client host through a path traversal attack. This vulnerability (CVE-2026-7474) is fixed in Nomad 2.0.1, 1.11.5 and 1.10.11.

Affected products

Nomad
  • <2.0.1
Nomad Enterprise
  • <2.0.1

Matching in nixpkgs

pkgs.nomad

Distributed, Highly Available, Datacenter-Aware Scheduler

pkgs.nomad_1_9

Distributed, Highly Available, Datacenter-Aware Scheduler

pkgs.nomad_1_11

Distributed, Highly Available, Datacenter-Aware Scheduler

Ignored packages (13)

pkgs.git-nomad

Synchronize work-in-progress git branches in a light weight fashion

pkgs.nomad-pack

Nomad Pack is a templating and packaging tool used with HashiCorp Nomad

Package maintainers

Permalink CVE-2026-6959
6.0 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Local (L)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): High (H)
  • User Interaction (UI): None (N)
  • Scope (S): Changed (C)
  • Confidentiality (C): None (N)
  • Integrity (I): High (H)
  • Availability (A): None (N)
  • Modified Attack Vector (MAV): Local (L)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): High (H)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Changed (C)
  • Modified Integrity (MI): High (H)
  • Modified Availability (MA): None (N)
updated 6 hours ago by @LeSuisse Activity log
  • Created suggestion 12 hours ago
  • @LeSuisse ignored
    12 packages
    • git-nomad
    • nomad-autoscaler
    • nomad-driver-podman
    • nomad-driver-containerd
    • terraform-providers.nomad
    • python312Packages.nomadnet
    • python313Packages.nomadnet
    • python314Packages.nomadnet
    • python312Packages.python-nomad
    • python313Packages.python-nomad
    • python314Packages.python-nomad
    • terraform-providers.hashicorp_nomad
    7 hours ago
  • @LeSuisse accepted 7 hours ago
  • @LeSuisse published on GitHub 6 hours ago
Nomad vulnerable to arbitrary file read/write on client host through symlink attack

HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink attack. This vulnerability (CVE-2026-6959) is fixed in Nomad 2.0.1, 1.11.5 and 1.10.11.

Affected products

Nomad
  • <2.0.1
Nomad Enterprise
  • <2.0.1

Matching in nixpkgs

pkgs.nomad

Distributed, Highly Available, Datacenter-Aware Scheduler

pkgs.nomad_1_9

Distributed, Highly Available, Datacenter-Aware Scheduler

pkgs.nomad-pack

Nomad Pack is a templating and packaging tool used with HashiCorp Nomad

pkgs.nomad_1_11

Distributed, Highly Available, Datacenter-Aware Scheduler

Ignored packages (12)

pkgs.git-nomad

Synchronize work-in-progress git branches in a light weight fashion

Package maintainers