CVE-2024-6717 – Nomad Vulnerable to Allocation Directory Path Escape Through Archive Unpacking
https://notcve.org/view.php?id=CVE-2024-6717
HashiCorp Nomad and Nomad Enterprise 1.6.12 up to 1.7.9, and 1.8.1 archive unpacking during migration is vulnerable to path escaping of the allocation directory. This vulnerability, CVE-2024-6717, is fixed in Nomad 1.6.13, 1.7.10, and 1.8.2. HashiCorp Nomad y Nomad Enterprise 1.6.12 hasta 1.7.9 y 1.8.1 al desempaquetar archivos durante la migración es vulnerable a que la ruta se escape del directorio de asignación. Esta vulnerabilidad, CVE-2024-6717, se solucionó en Nomad 1.6.13, 1.7.10 y 1.8.2. • https://discuss.hashicorp.com/t/hcsec-2024-15-nomad-vulnerable-to-allocation-directory-path-escape-through-archive-unpacking/68781 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVE-2023-0821 – Nomad Client Vulnerable to Decompression Bombs in Artifact Block
https://notcve.org/view.php?id=CVE-2023-0821
HashiCorp Nomad and Nomad Enterprise 1.2.15 up to 1.3.8, and 1.4.3 jobs using a maliciously compressed artifact stanza source can cause excessive disk usage. Fixed in 1.2.16, 1.3.9, and 1.4.4. • https://discuss.hashicorp.com/t/hcsec-2023-05-nomad-client-vulnerable-to-decompression-bombs-in-artifact-block/50292 • CWE-409: Improper Handling of Highly Compressed Data (Data Amplification) •
CVE-2022-30324
https://notcve.org/view.php?id=CVE-2022-30324
HashiCorp Nomad and Nomad Enterprise version 0.2.0 up to 1.3.0 were impacted by go-getter vulnerabilities enabling privilege escalation through the artifact stanza in submitted jobs onto the client agent host. Fixed in 1.1.14, 1.2.8, and 1.3.1. HashiCorp Nomad y Nomad Enterprise versiones 0.2.0 hasta 1.3.0, fueron impactados por vulnerabilidades de go-getter que permiten una escalada de privilegios mediante la estrofa de artefactos en los trabajos enviados en el host del agente cliente. Corregido en versiones 1.1.14, 1.2.8 y 1.3.1 • https://discuss.hashicorp.com https://discuss.hashicorp.com/t/hcsec-2022-14-nomad-impacted-by-go-getter-vulnerabilities/39932 •
CVE-2022-24686
https://notcve.org/view.php?id=CVE-2022-24686
HashiCorp Nomad and Nomad Enterprise 0.3.0 through 1.0.17, 1.1.11, and 1.2.5 artifact download functionality has a race condition such that the Nomad client agent could download the wrong artifact into the wrong destination. Fixed in 1.0.18, 1.1.12, and 1.2.6 La funcionalidad artifact download de HashiCorp Nomad y Nomad Enterprise versiones 0.3.0 hasta 1.0.17, 1.1.11 y 1.2.5, presenta una condición de carrera que hace que el agente cliente de Nomad pueda descargar el artefacto equivocado en el destino equivocado. Corregido en versiones 1.0.18, 1.1.12 y 1.2.6 • https://discuss.hashicorp.com https://discuss.hashicorp.com/t/hcsec-2022-01-nomad-artifact-download-race-condition/35559 https://security.netapp.com/advisory/ntap-20220318-0008 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2021-37218
https://notcve.org/view.php?id=CVE-2021-37218
HashiCorp Nomad and Nomad Enterprise Raft RPC layer allows non-server agents with a valid certificate signed by the same CA to access server-only functionality, enabling privilege escalation. Fixed in 1.0.10 and 1.1.4. La capa RPC de HashiCorp Nomad y Nomad Enterprise Raft permite a agentes no servidores con un certificado válido firmado por la misma CA acceder a la funcionalidad server-only, permitiendo una escalada de privilegios. Corregido en versiones 1.0.10 y 1.1.4 • https://discuss.hashicorp.com/t/hcsec-2021-21-nomad-raft-rpc-privilege-escalation/29023 https://www.hashicorp.com/blog/category/nomad • CWE-295: Improper Certificate Validation •