PT-2022-16797 · Hashicorp · Nomad+1

Published: 2022-02-17 · Updated: 2024-08-21 · CVE-2022-24683

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions: HashiCorp Nomad and Nomad Enterprise versions 0.9.2 through 1.0.17, version 1.1.11, and version 1.2.5.

Description: The issue allows operators with the read-fs and alloc-exec (or job-submit) capabilities to read arbitrary files on the host filesystem as root. An operator holding these capabilities can exploit it to gain unauthorized access to sensitive information. There are currently no known workarounds.

Recommendations: For HashiCorp Nomad and Nomad Enterprise versions 0.9.2 through 1.0.17, version 1.1.11, and version 1.2.5, upgrade to a version that contains a fix for this issue as soon as possible. As a temporary workaround, consider restricting the read-fs and alloc-exec (or job-submit) capabilities to minimize the risk of exploitation.

Fix

Weakness Enumeration: Path traversal

Related Identifiers

CVE-2022-24683
GHSA-WMRX-57HM-MW7R
GO-2022-0584

Affected Products

Nomad
Nomad Enterprise