{"id":"GO-2024-2670","summary":"ACL security vulnerability in github.com/hashicorp/nomad","details":"An ACL policy using a block without label can be applied to unexpected resources in Nomad, a distributed, highly available scheduler designed for effortless operations and management of applications.","aliases":["CVE-2023-3072","GHSA-rpvr-38xv-xvxq"],"modified":"2026-03-03T04:55:12.906233Z","published":"2024-04-04T18:42:48Z","database_specific":{"review_status":"REVIEWED","url":"https://pkg.go.dev/vuln/GO-2024-2670"},"references":[{"type":"WEB","url":"https://discuss.hashicorp.com/t/hcsec-2023-20-nomad-acl-policies-without-label-are-applied-to-unexpected-resources/56270"}],"affected":[{"package":{"name":"github.com/hashicorp/nomad","ecosystem":"Go","purl":"pkg:golang/github.com/hashicorp/nomad"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.7.0"},{"fixed":"1.4.11"},{"introduced":"1.5.0"},{"fixed":"1.5.6"}]}],"ecosystem_specific":{},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2024-2670.json"}}],"schema_version":"1.7.3","credits":[{"name":"anonymous4ACL24"}]}