CVE-2022-24686 Information
Jun 07, 2022
cve
Description
HashiCorp Nomad and Nomad Enterprise 0.3.0 through 1.0.17 1.1.11 and 1.2.5 artifact download functionality has a race condition such that the Nomad client agent could download the wrong artifact into the wrong destination. Fixed in 1.0.18 1.1.12 and 1.2.6
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Reference
https://discuss.hashicorp.com https://discuss.hashicorp.com/t/hcsec-2022-01-nomad-artifact-download-race-condition/35559 https://security.netapp.com/advisory/ntap-20220318-0008/
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
NONE
Availability Impact
HIGH
Base Score
NONE
Base Severity
5.9
Share on: