CVE-2024-6717

Summary

HashiCorp Nomad and Nomad Enterprise 1.6.12 up to 1.7.9, and 1.8.1 archive unpacking during migration is vulnerable to path escaping of the allocation directory. This vulnerability, CVE-2024-6717, is fixed in Nomad 1.6.13, 1.7.10, and 1.8.2.

Affected Software

VendorProductVersion RangeStatus
HashiCorpNomad0 < 1.8.2affected
HashiCorpNomad Enterprise0 < 1.8.2affected

Weaknesses

  • CWE-610: CWE-610: Externally Controlled Reference to a Resource in Another Sphere

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References