Filesystem Exposure Vulnerability in HashiCorp Nomad and Nomad Enterprise
CVE-2022-24683

7.5HIGH

Key Information:

Vendor
Hashicorp
Status
Nomad
Vendor
CVE Published:
17 February 2022

Summary

A vulnerability in HashiCorp Nomad and Nomad Enterprise allows malicious operators with specific capabilities to access arbitrary files on the host filesystem with root permissions. This can lead to unauthorized access to sensitive information and potential system compromise. Operators possessing 'read-fs' and 'alloc-exec' or 'job-submit' capabilities are at risk, highlighting the importance of restricting these permissions to enhance overall security posture. Users are advised to review their capabilities and implement necessary safeguards.

References

https://discuss.hashicorp.com
x_refsource_MISC
https://discuss.hashicorp.com/t/hcsec-2022-02-nomad-alloc...
x_refsource_MISC
https://security.netapp.com/advisory/ntap-20220318-0008/
x_refsource_CONFIRM

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.