Nomad Platform Vulnerable to Path Escape During Migration

CVE-2024-6717

7.7HIGH

Key Information

Vendor: Hashicorp
Status: Nomad; Nomad Enterprise
Vendor: CVE Published:; 23 July 2024

Summary

HashiCorp Nomad and Nomad Enterprise 1.6.12 up to 1.7.9, and 1.8.1 archive unpacking during migration is vulnerable to path escaping of the allocation directory. This vulnerability, CVE-2024-6717, is fixed in Nomad 1.6.13, 1.7.10, and 1.8.2.

Affected Version(s)

Nomad < 1.8.2

Nomad Enterprise < 1.8.2

CVSS V3.1

Score:

7.7

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Risk change from: null to: 7.7 - (HIGH)
Jul 24, 2024
Vulnerability published.
Jul 23, 2024

Collectors

NVD DatabaseMitre Database