HashiCorp Nomad and Nomad Enterprise 1.5.13 up to 1.6.6, and 1.7.3 template renderer is vulnerable to arbitrary file write on the host as the Nomad client user through symlink attacks. Fixed in Nomad 1.7.4, 1.6.7, 1.5.14.
References
Link | Resource |
---|---|
https://discuss.hashicorp.com/t/hcsec-2024-03-nomad-vulnerable-to-arbitrary-write-through-symlink-attack | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
15 Feb 2024, 18:27
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:hashicorp:nomad:*:*:*:*:-:*:*:* cpe:2.3:a:hashicorp:nomad:*:*:*:*:enterprise:*:*:* |
|
References | () https://discuss.hashicorp.com/t/hcsec-2024-03-nomad-vulnerable-to-arbitrary-write-through-symlink-attackĀ - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
CWE | CWE-610 | |
First Time |
Hashicorp
Hashicorp nomad |
08 Feb 2024, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-02-08 20:15
Updated : 2024-02-28 20:54
NVD link : CVE-2024-1329
Mitre link : CVE-2024-1329
CVE.ORG link : CVE-2024-1329
JSON object : View
Products Affected
hashicorp
- nomad
CWE
CWE-610
Externally Controlled Reference to a Resource in Another Sphere