HashiCorp Nomad and Nomad Enterprise up to 0.10.4 contained a cross-site scripting vulnerability such that files from a malicious workload could cause arbitrary JavaScript to execute in the web UI. Fixed in 0.10.5.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10944
Reference (s):
- https://github.com/hashicorp/nomad/issues/7468