CVE-2024-6717 Information

Description

HashiCorp Nomad and Nomad Enterprise 1.6.12 up to 1.7.9 and 1.8.1 archive unpacking during migration is vulnerable to path escaping of the allocation directory. This vulnerability CVE-2024-6717 is fixed in Nomad 1.6.13 1.7.10 and 1.8.2.

Reference

https://discuss.hashicorp.com/t/hcsec-2024-15-nomad-vulnerable-to-allocation-directory-path-escape-through-archive-unpacking/68781