x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-v5fm-hr72-27hx

[GoVulnBot]

In GitHub Security Advisory GHSA-v5fm-hr72-27hx, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/hashicorp/nomad	1.5.7	>= 1.5.0, < 1.5.7	github.com/hashicorp/nomad	1.4.11	>= 0.11.0, < 1.4.11

Cross references:

• Module github.com/hashicorp/nomad appears in issue #560 EFFECTIVELY_PRIVATE
• Module github.com/hashicorp/nomad appears in issue #573 EFFECTIVELY_PRIVATE
• Module github.com/hashicorp/nomad appears in issue #577 EFFECTIVELY_PRIVATE
• Module github.com/hashicorp/nomad appears in issue #584 EFFECTIVELY_PRIVATE
• Module github.com/hashicorp/nomad appears in issue #591 EFFECTIVELY_PRIVATE
• Module github.com/hashicorp/nomad appears in issue #600 EFFECTIVELY_PRIVATE
• Module github.com/hashicorp/nomad appears in issue #622 EFFECTIVELY_PRIVATE
• Module github.com/hashicorp/nomad appears in issue #634 EFFECTIVELY_PRIVATE
• Module github.com/hashicorp/nomad appears in issue #709 NOT_IMPORTABLE
• Module github.com/hashicorp/nomad appears in issue #732 NOT_IMPORTABLE
• Module github.com/hashicorp/nomad appears in issue #806 NOT_IMPORTABLE
• Module github.com/hashicorp/nomad appears in issue #821 NOT_IMPORTABLE
• Module github.com/hashicorp/nomad appears in issue #840 NOT_IMPORTABLE
• Module github.com/hashicorp/nomad appears in issue #1062 EFFECTIVELY_PRIVATE
• Module github.com/hashicorp/nomad appears in issue #1105 EFFECTIVELY_PRIVATE
• Module github.com/hashicorp/nomad appears in issue #1106 EFFECTIVELY_PRIVATE
• Module github.com/hashicorp/nomad appears in issue #1581 EFFECTIVELY_PRIVATE
• Module github.com/hashicorp/nomad appears in issue #1633 EFFECTIVELY_PRIVATE
• Module github.com/hashicorp/nomad appears in issue #1707 EFFECTIVELY_PRIVATE
• Module github.com/hashicorp/nomad appears in issue #1899 EFFECTIVELY_PRIVATE
• Module github.com/hashicorp/nomad appears in issue #1928 EFFECTIVELY_PRIVATE
• Module github.com/hashicorp/nomad appears in issue #2538

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/hashicorp/nomad
      versions:
        - introduced: 1.5.0
          fixed: 1.5.7
      vulnerable_at: 1.5.6
      packages:
        - package: github.com/hashicorp/nomad
    - module: github.com/hashicorp/nomad
      versions:
        - introduced: 0.11.0
          fixed: 1.4.11
      vulnerable_at: 1.4.10
      packages:
        - package: github.com/hashicorp/nomad
summary: Nomad Search API Leaks Information About CSI Plugins
cves:
    - CVE-2023-3300
ghsas:
    - GHSA-v5fm-hr72-27hx
references:
    - web: https://nvd.nist.gov/vuln/detail/CVE-2023-3300
    - web: https://discuss.hashicorp.com/t/hcsec-2023-22-nomad-search-api-leaks-information-about-csi-plugins/56272
    - fix: https://github.com/hashicorp/nomad/commit/a8789d3872bbf1b1f420f28b0f7ad8532a41d5e3
    - advisory: https://github.com/advisories/GHSA-v5fm-hr72-27hx

[gopherbot]

Change https://go.dev/cl/575935 mentions this issue: data/reports: add GO-2024-2671.yaml