Race Condition in HashiCorp Nomad Affecting Artifact Downloads
CVE-2022-24686

5.9MEDIUM

Key Information:

Vendor

Hashicorp
Status
Nomad
Vendor
CVE Published:
14 February 2022

What is CVE-2022-24686?

A race condition vulnerability exists in HashiCorp Nomad and Nomad Enterprise, where the artifact download functionality may allow the Nomad client agent to mistakenly download the incorrect artifact into an unintended location. This can lead to operational issues and potential data integrity risks. The issue has been addressed in versions 1.0.18, 1.1.12, and 1.2.6.

References

https://discuss.hashicorp.com
x_refsource_MISC
https://discuss.hashicorp.com/t/hcsec-2022-01-nomad-artif...
x_refsource_MISC
https://security.netapp.com/advisory/ntap-20220318-0008/
x_refsource_CONFIRM

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2022-24686 : Race Condition in HashiCorp Nomad Affecting Artifact Downloads