Upstream information
CVE-2025-1296 at MITRE
Description
Nomad Community and Nomad Enterprise ("Nomad") are vulnerable to unintentional exposure of the workload identity token and client secret token in audit logs. This vulnerability, identified as CVE-2025-1296, is fixed in Nomad Community Edition 1.9.7 and Nomad Enterprise 1.9.7, 1.8.11, and 1.7.19.
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
CVSS v3 Scores
| CVSS detail | CNA (HashiCorp) |
| --- | --- |
| Base Score | 6.5 |
| Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | Low |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality Impact | High |
| Integrity Impact | None |
| Availability Impact | None |
| CVSSv3 Version | 3.1 |
No SUSE Bugzilla entries cross referenced.
SUSE Security Advisories:
List of released packages
| Product(s) | Fixed package version(s) | References |
| --- | --- | --- |
| Container suse/sl-micro/6.0/baremetal-os-container:latest | kernel-firmware-all >= 20241128-slfo.1.1_2.1<br>kernel-firmware-amdgpu >= 20241128-slfo.1.1_2.1<br>kernel-firmware-ath10k >= 20241128-slfo.1.1_2.1<br>kernel-firmware-ath11k >= 20241128-slfo.1.1_2.1<br>kernel-firmware-ath12k >= 20241128-slfo.1.1_2.1<br>kernel-firmware-atheros >= 20241128-slfo.1.1_2.1<br>kernel-firmware-bluetooth >= 20241128-slfo.1.1_2.1<br>kernel-firmware-bnx2 >= 20241128-slfo.1.1_2.1<br>kernel-firmware-brcm >= 20241128-slfo.1.1_2.1<br>kernel-firmware-chelsio >= 20241128-slfo.1.1_2.1<br>kernel-firmware-dpaa2 >= 20241128-slfo.1.1_2.1<br>kernel-firmware-i915 >= 20241128-slfo.1.1_2.1<br>kernel-firmware-intel >= 20241128-slfo.1.1_2.1<br>kernel-firmware-iwlwifi >= 20241128-slfo.1.1_2.1<br>kernel-firmware-liquidio >= 20241128-slfo.1.1_2.1<br>kernel-firmware-marvell >= 20241128-slfo.1.1_2.1<br>kernel-firmware-media >= 20241128-slfo.1.1_2.1<br>kernel-firmware-mediatek >= 20241128-slfo.1.1_2.1<br>kernel-firmware-mellanox >= 20241128-slfo.1.1_2.1<br>kernel-firmware-mwifiex >= 20241128-slfo.1.1_2.1<br>kernel-firmware-network >= 20241128-slfo.1.1_2.1<br>kernel-firmware-nfp >= 20241128-slfo.1.1_2.1<br>kernel-firmware-nvidia >= 20241128-slfo.1.1_2.1<br>kernel-firmware-platform >= 20241128-slfo.1.1_2.1<br>kernel-firmware-prestera >= 20241128-slfo.1.1_2.1<br>kernel-firmware-qcom >= 20241128-slfo.1.1_2.1<br>kernel-firmware-qlogic >= 20241128-slfo.1.1_2.1<br>kernel-firmware-radeon >= 20241128-slfo.1.1_2.1<br>kernel-firmware-realtek >= 20241128-slfo.1.1_2.1<br>kernel-firmware-serial >= 20241128-slfo.1.1_2.1<br>kernel-firmware-sound >= 20241128-slfo.1.1_2.1<br>kernel-firmware-ti >= 20241128-slfo.1.1_2.1<br>kernel-firmware-ueagle >= 20241128-slfo.1.1_2.1<br>kernel-firmware-usb-network >= 20241128-slfo.1.1_2.1<br>libxml2-2 >= 2.11.6-3.1 | |
| Container suse/sl-micro/6.0/base-os-container:latest<br>Container suse/sl-micro/6.0/kvm-os-container:latest<br>Container suse/sl-micro/6.0/rt-os-container:latest<br>Container suse/sl-micro/6.0/toolbox:latest | | |
| Image SL-Micro-Base<br>Image SL-Micro-Base-RT<br>Image SL-Micro-Base-RT-SelfInstall<br>Image SL-Micro-Base-RT-encrypted<br>Image SL-Micro-Base-SelfInstall<br>Image SL-Micro-Base-encrypted<br>Image SL-Micro-Base-qcow<br>Image SL-Micro-Default<br>Image SL-Micro-Default-SelfInstall<br>Image SL-Micro-Default-encrypted<br>Image SL-Micro-Default-qcow | update-alternatives >= 1.22.0-slfo.1.1_2.1 | |
| Image SL-Micro | libxml2-2 >= 2.11.6-3.1<br>update-alternatives >= 1.22.0-slfo.1.1_2.1 | |
| Image SLE-Micro-BYOS<br>Image SLE-Micro-BYOS-EC2<br>Image SLE-Micro-BYOS-GCE<br>Image SLE-Micro-EC2<br>Image SLE-Micro-GCE | libxml2-2 >= 2.11.6-3.1<br>libxml2-tools >= 2.11.6-3.1<br>update-alternatives >= 1.22.0-slfo.1.1_2.1 | |
| Image SLE-Micro<br>Image SLE-Micro-Azure<br>Image SLE-Micro-BYOS-Azure | libxml2-2 >= 2.11.6-3.1<br>libxml2-tools >= 2.11.6-3.1<br>python311-dnspython >= 2.4.2-2.1<br>update-alternatives >= 1.22.0-slfo.1.1_2.1 | |
| SUSE Linux Enterprise Server 16.0 | govulncheck-vulndb >= 0.0.20250814T182633-160000.1.2 | Patchnames: SUSE Linux Enterprise Server 16.0 GA govulncheck-vulndb-0.0.20250814T182633-160000.1.2 |
| openSUSE Tumbleweed | govulncheck-vulndb >= 0.0.20250313T170021-1.1 | Patchnames: openSUSE-Tumbleweed-2025-14893 |
SUSE Timeline for this CVE
CVE page created: Mon Mar 10 20:00:22 2025
CVE page last modified: Tue Feb 24 01:29:15 2026