CVE-2022-30324

9.8CRITICAL

Key Information

Vendor: Hashicorp
Status: Nomad
Vendor: CVE Published:; 2 June 2022

Summary

HashiCorp Nomad and Nomad Enterprise version 0.2.0 up to 1.3.0 were impacted by go-getter vulnerabilities enabling privilege escalation through the artifact stanza in submitted jobs onto the client agent host. Fixed in 1.1.14, 1.2.8, and 1.3.1.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Jun 2, 2022
Vulnerability Reserved.
May 7, 2022

Collectors

NVD DatabaseMitre Database