CVE-2024-10975 Information

Description

Nomad Community and Nomad Enterprise (\Nomad) volume specification is vulnerable to arbitrary cross-namespace volume creation through unauthorized Container Storage Interface (CSI) volume writes. This vulnerability identified as CVE-2024-10975 is fixed in Nomad Community Edition 1.9.2 and Nomad Enterprise 1.9.2 1.8.7 and 1.7.15.

Reference

https://discuss.hashicorp.com/t/hcsec-2024-27-nomad-vulnerable-to-cross-namespace-volume-creation-abusing-csi-write-permission