Site icon API Security Blog

Privilege Escalation

github.com/hashicorp/nomad is vulnerable to Privilege Escalation. A remote attacker with the `submit-job` ACL permission is able to escalate to management-level privileges using the workload identity and task API by submitting a job without ACL policies.Read More

Exit mobile version