CVE-2022-24685

7.5HIGH

Key Information

Vendor: Hashicorp
Status: Nomad
Vendor: CVE Published:; 28 February 2022

Summary

HashiCorp Nomad and Nomad Enterprise 1.0.17, 1.1.11, and 1.2.5 allow invalid HCL for the jobs parse endpoint, which may cause excessive CPU usage. Fixed in 1.0.18, 1.1.12, and 1.2.6.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Feb 28, 2022
Vulnerability Reserved.
Feb 9, 2022

Collectors

NVD DatabaseMitre Database