Products
Nomad
- 1.6.12 up to 1.7.9
- 1.8.1
Source
security@hashicorp.com
Tags
CVE-2024-6717 details
Published : July 23, 2024, 1:15 a.m.
Last Modified : July 23, 2024, 1:15 a.m.
Last Modified : July 23, 2024, 1:15 a.m.
Description
HashiCorp Nomad and Nomad Enterprise 1.6.12 up to 1.7.9, and 1.8.1 archive unpacking during migration is vulnerable to path escaping of the allocation directory. This vulnerability, CVE-2024-6717, is fixed in Nomad 1.6.13, 1.7.10, and 1.8.2.
CVSS Score
1 | 2 | 3 | 4 | 5 | 6 | 7.7 | 8 | 9 | 10 |
---|
Weakness
Weakness | Name | Description |
---|---|---|
CWE-610 | Externally Controlled Reference to a Resource in Another Sphere | The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere. |
CVSS Data
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
Base Score
7.7
Exploitability Score
3.1
Impact Score
4.0
Base Severity
HIGH
Vector String : CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
References
URL | Source |
---|---|
https://discuss.hashicorp.com/t/hcsec-2024-15-nomad-vulnerable-to-allocation-directory-path-escape-through-archive-unpacking/68781 | security@hashicorp.com |
This website uses the NVD API, but is not approved or certified by it.