{"id":"GO-2024-2669","summary":"API token secret ID leak to Sentinel in github.com/hashicorp/nomad","details":"A vulnerability exists in Nomad where the API caller's ACL token secret ID is exposed to Sentinel policies.","aliases":["CVE-2023-3299","GHSA-9jfx-84v9-2rr2"],"modified":"2026-03-03T04:51:46.383800Z","published":"2024-04-04T18:42:45Z","database_specific":{"url":"https://pkg.go.dev/vuln/GO-2024-2669","review_status":"REVIEWED"},"references":[{"type":"REPORT","url":"https://github.com/hashicorp/nomad/issues/17907"},{"type":"WEB","url":"https://discuss.hashicorp.com/t/hcsec-2023-21-nomad-caller-acl-tokens-secret-id-is-exposed-to-sentinel/56271"}],"affected":[{"package":{"name":"github.com/hashicorp/nomad","ecosystem":"Go","purl":"pkg:golang/github.com/hashicorp/nomad"},"ranges":[{"type":"SEMVER","events":[{"introduced":"1.2.11"},{"fixed":"1.4.11"},{"introduced":"1.5.0"},{"fixed":"1.5.7"}]}],"ecosystem_specific":{},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2024-2669.json"}}],"schema_version":"1.7.3","credits":[{"name":"anonymous4ACL24"}]}