GMS-2022-818: Information Exposure Through Environmental Variables

February 15, 2022 (updated April 12, 2022)

In Nomad before version 0.9.5, when rendering a task template, all environment variables were available to the rendering task. As a fix, only task environment variables are used.

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14802
github.com/advisories/GHSA-6hv3-7c34-4hx8
github.com/hashicorp/nomad/pull/6055
github.com/hashicorp/nomad/releases/tag/v0.9.5

Code Behaviors & Features

Detect and mitigate GMS-2022-818 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →