Nomad Platform Vulnerable to Path Escape During Migration
CVE-2024-6717

7.7HIGH

Key Information:

Vendor: Hashicorp
Status: Nomad; Nomad Enterprise
Vendor: CVE Published:; 23 July 2024

Summary

HashiCorp Nomad and Nomad Enterprise 1.6.12 up to 1.7.9, and 1.8.1 archive unpacking during migration is vulnerable to path escaping of the allocation directory. This vulnerability, CVE-2024-6717, is fixed in Nomad 1.6.13, 1.7.10, and 1.8.2.

Affected Version(s)

Nomad 64 bit 0 < 1.8.2

Nomad Enterprise 64 bit 0 < 1.8.2

References

https://discuss.hashicorp.com/t/hcsec-2024-15-nomad-vulne...

CVSS V3.1

Score:

7.7

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jul 23, 2024

Collectors

NVD DatabaseMitre Database