CVE-2023-1782

9.9 CRITICAL

📋 TL;DR

This vulnerability allows unauthenticated users to bypass ACL (Access Control List) authorizations in HashiCorp Nomad clusters where mTLS (mutual TLS) is not enabled. Attackers can escalate privileges and potentially access sensitive cluster resources without proper authentication. Affected systems are Nomad and Nomad Enterprise versions 1.5.0 through 1.5.2 without mTLS enabled.

💻 Affected Systems

Products:
  • HashiCorp Nomad
  • HashiCorp Nomad Enterprise
Versions: 1.5.0 through 1.5.2
Operating Systems: All supported platforms
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when mTLS is not enabled. Clusters with mTLS enabled are not affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete cluster compromise where unauthenticated attackers gain administrative access to all Nomad resources, allowing them to deploy malicious jobs, access sensitive data, and disrupt operations.

🟠 Likely Case

Unauthenticated attackers bypass ACL controls to access restricted resources, potentially stealing sensitive data or deploying unauthorized workloads.

🟢 If Mitigated

With mTLS enabled, the vulnerability is not exploitable, maintaining normal ACL enforcement and cluster security.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires network access to Nomad API endpoints and knowledge that mTLS is disabled.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.5.3

Vendor Advisory: https://discuss.hashicorp.com/t/hcsec-2023-12-nomad-unauthenticated-client-agent-http-request-privilege-escalation/52375

Restart Required: Yes

Instructions:

1. Download Nomad 1.5.3 from HashiCorp releases.
2. Stop Nomad services.
3. Replace the binary with the 1.5.3 version.
4. Restart Nomad services.
5. Verify all nodes are running 1.5.3.

🔧 Temporary Workarounds

Enable mTLS (scope: all)

Enable mutual TLS authentication for all Nomad agent communication to prevent exploitation.

nomad tls ca create
nomad tls cert create -server
nomad tls cert create -client
Configure nomad.hcl on every agent with a tls block. Setting only http = true and rpc = true turns on TLS but does not require HTTP clients to present a certificate; verify_https_client = true is what makes the HTTP API mutual. The file names below are the defaults written by the commands above for a server (clients use the global-client-nomad.pem and global-client-nomad-key.pem files):

tls {
  http      = true
  rpc       = true
  ca_file   = "nomad-agent-ca.pem"
  cert_file = "global-server-nomad.pem"
  key_file  = "global-server-nomad-key.pem"
  verify_server_hostname = true
  verify_https_client    = true
}

🧯 If You Can't Patch

  • Enable mTLS immediately on all Nomad agents
  • Restrict network access to Nomad API endpoints using firewall rules

🔍 How to Verify

Check if Vulnerable:

Check Nomad version with 'nomad version' and verify mTLS is disabled in configuration.

Check Version:

nomad version

Verify Fix Applied:

Confirm version is 1.5.3 or higher with 'nomad version' and test ACL enforcement with unauthenticated requests.
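The two verification checks above (version in the affected range, mTLS not enabled) can be scripted so they are applied consistently across a fleet. The following is an added example, not HashiCorp's code: it parses `nomad version` output and the TLSConfig section of the agent's /v1/agent/self response. The field names EnableHTTP, EnableRPC and VerifyHTTPSClient are assumed to match what the agent returns; the sample inputs are constructed.

```python
"""Assess whether a Nomad agent is exposed to CVE-2023-1782.

Added example, not HashiCorp's code. Combines two checks the advisory
describes: the version reported by `nomad version` and whether mTLS is
enabled. The TLSConfig field names (EnableHTTP, EnableRPC,
VerifyHTTPSClient) are assumed to match the JSON returned by the agent's
/v1/agent/self endpoint; adjust them if your agent reports differently.
"""
import json
import re

AFFECTED_MIN = (1, 5, 0)   # first affected release per the advisory
FIXED = (1, 5, 3)          # first fixed release per the advisory

# Constructed sample of `nomad version` output for an affected agent.
SAMPLE_VERSION_TEXT = "Nomad v1.5.2\nBuildDate 2023-03-21T00:00:00Z\nRevision 0000000\n"

# Constructed samples of the relevant part of a /v1/agent/self response
# (field names assumed): one agent with TLS off, one with full mTLS.
SAMPLE_AGENT_SELF_NO_TLS = json.dumps({
    "config": {"TLSConfig": {"EnableHTTP": False, "EnableRPC": False,
                             "VerifyHTTPSClient": False}}
})
SAMPLE_AGENT_SELF_MTLS = json.dumps({
    "config": {"TLSConfig": {"EnableHTTP": True, "EnableRPC": True,
                             "VerifyHTTPSClient": True}}
})


def parse_version(text):
    """Extract (major, minor, patch) from `nomad version` output."""
    m = re.search(r"Nomad v(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError("could not find a Nomad version string")
    return tuple(int(part) for part in m.groups())


def version_affected(version):
    """True for 1.5.0 <= version < 1.5.3."""
    return AFFECTED_MIN <= version < FIXED


def mtls_enabled(agent_self_json):
    """True only when TLS is on for HTTP and RPC and HTTPS clients must present a cert."""
    config = json.loads(agent_self_json).get("config") or {}
    tls = config.get("TLSConfig") or {}
    return all(bool(tls.get(k)) for k in ("EnableHTTP", "EnableRPC", "VerifyHTTPSClient"))


def assess(version_text, agent_self_json):
    """Return a dict summarising exposure; 'status' is the human-readable verdict."""
    version = parse_version(version_text)
    affected = version_affected(version)
    mtls = mtls_enabled(agent_self_json)
    if not affected:
        status = "not affected (version outside 1.5.0-1.5.2)"
    elif mtls:
        status = "affected version, but mitigated by mTLS"
    else:
        status = "VULNERABLE: affected version and mTLS not enabled"
    return {"version": version, "affected_version": affected, "mtls": mtls, "status": status}


if __name__ == "__main__":
    # Against a live agent, feed in the real outputs instead of the samples, e.g.
    #   version_text = subprocess.check_output(["nomad", "version"], text=True)
    #   agent_self = urllib.request.urlopen("http://127.0.0.1:4646/v1/agent/self").read()
    for label, body in (("no TLS", SAMPLE_AGENT_SELF_NO_TLS), ("mTLS", SAMPLE_AGENT_SELF_MTLS)):
        print(label + ":", assess(SAMPLE_VERSION_TEXT, body)["status"])
```

The version comparison is done on a parsed tuple rather than a string so that, for example, 1.5.10 is not mis-ordered against 1.5.3; a single unexpected output format raises rather than silently reporting "not affected".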

📡 Detection & Monitoring

Log Indicators:

  • Unauthenticated API requests to sensitive endpoints
  • ACL authorization failures followed by successful access

Network Indicators:

  • HTTP requests to Nomad API without TLS client certificates
  • Unusual traffic patterns to /v1/ endpoints from unauthorized sources

SIEM Query:

source="nomad" AND (http_status=200 OR http_status=201) AND NOT (tls_client_cert_present=true) AND (uri_path="/v1/*")
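The SIEM query above, and the second log indicator (an ACL denial followed by successful access), expressed as detection logic over log records. This is an added example rather than part of the advisory; the record fields mirror the field names used in the query, and the sample records are constructed. Treating HTTP 403 as an ACL authorization failure is an assumption about how your pipeline labels Nomad denials.

```python
"""Run the SIEM query logic over constructed Nomad access records.

Added example, not vendor code. The record fields (source, http_status,
tls_client_cert_present, uri_path, src_ip) mirror the field names used
in the SIEM query; real Nomad HTTP logs would first need to be
normalised into this shape by your log pipeline. Mapping HTTP 403 to an
ACL authorization failure is an assumption.
"""
from fnmatch import fnmatch

# Constructed sample records: a mix of expected and suspicious traffic.
SAMPLE_RECORDS = [
    {"source": "nomad",  "http_status": 200, "tls_client_cert_present": True,  "uri_path": "/v1/jobs",          "src_ip": "10.0.0.5"},
    {"source": "nomad",  "http_status": 200, "tls_client_cert_present": False, "uri_path": "/v1/jobs",          "src_ip": "192.0.2.10"},
    {"source": "nomad",  "http_status": 403, "tls_client_cert_present": False, "uri_path": "/v1/acl/tokens",    "src_ip": "192.0.2.10"},
    {"source": "nomad",  "http_status": 201, "tls_client_cert_present": False, "uri_path": "/v1/acl/tokens",    "src_ip": "192.0.2.10"},
    {"source": "consul", "http_status": 200, "tls_client_cert_present": False, "uri_path": "/v1/catalog/nodes", "src_ip": "192.0.2.10"},
    {"source": "nomad",  "http_status": 200, "tls_client_cert_present": False, "uri_path": "/ui/",              "src_ip": "192.0.2.11"},
]

SUCCESS_STATUSES = {200, 201}
ACL_DENIED_STATUS = 403  # assumption: how denials appear after normalisation


def matches_query(rec):
    """Mirror of: source="nomad" AND status in (200, 201) AND NOT cert AND uri_path="/v1/*"."""
    return (rec.get("source") == "nomad"
            and rec.get("http_status") in SUCCESS_STATUSES
            and not rec.get("tls_client_cert_present", False)
            and fnmatch(rec.get("uri_path", ""), "/v1/*"))


def find_hits(records):
    """Every successful /v1 request that carried no client certificate."""
    return [r for r in records if matches_query(r)]


def denied_then_allowed(records):
    """Second log indicator: a denial from a source on a path, later followed by
    a certificate-less success from the same source on the same path."""
    seen_denials = set()
    hits = []
    for r in records:
        if r.get("source") != "nomad":
            continue
        key = (r.get("src_ip"), r.get("uri_path"))
        if r.get("http_status") == ACL_DENIED_STATUS:
            seen_denials.add(key)
        elif key in seen_denials and matches_query(r):
            hits.append(r)
    return hits


if __name__ == "__main__":
    for hit in find_hits(SAMPLE_RECORDS):
        print("no-cert success:", hit["src_ip"], hit["http_status"], hit["uri_path"])
    for hit in denied_then_allowed(SAMPLE_RECORDS):
        print("denied then allowed:", hit["src_ip"], hit["uri_path"])
```

On a cluster where mTLS is enforced, the first query should return nothing at all, which makes it a cheap continuous check that the mitigation is still in place; the second pattern is the higher-signal one on clusters that cannot yet enforce mTLS.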
