CVE-2022-41606 Information

Oct 13, 2022 cve

Description

HashiCorp Nomad and Nomad Enterprise 1.0.2 up to 1.2.12 and 1.3.5 jobs submitted with an artifact stanza using invalid S3 or GCS URLs can be used to crash client agents. Fixed in 1.2.13 1.3.6 and 1.4.0.

Reference

https://discuss.hashicorp.com/t/hcsec-2022-22-nomad-panics-on-job-submission-with-bad-artifact-stanza-source-url/45420 https://discuss.hashicorp.com/t/hcsec-2022-22-nomad-panics-on-job-submission-with-bad-artifact-stanza-source-url/45420 https://discuss.hashicorp.com

Share on: