API Security Blog

ROS-20250526-05

Nomad application orchestrator vulnerability related to the fact that the HTTP search API can expose the names of available CSI plugins. Exploitation of the vulnerability could allow a remote attacker to gain access to sensitive information.

Nomad application orchestrator vulnerability related to the use of invalid S3 or GCS. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service.

Nomad application orchestrator vulnerability related to ACL policies not using security labels. Exploitation of the vulnerability could allow a remote attacker to gain access to sensitive information.

Nomad application orchestrator vulnerability related to improper privilege management in Nomad Job Submitter, where a workload ID without any policies associated with the workload was treated as a management token. Exploitation of the vulnerability could allow a remote attacker to escalate privileges.

Nomad application orchestrator vulnerability related to incorrect processing of highly compressed input data. Exploitation of the vulnerability could allow a remote attacker to cause a denial of…
