PT-2022-16798 · Hashicorp · Nomad+1

Published 2022-02-15 · Updated 2024-08-21 · CVE-2022-24684

CVSS v3.1: 6.5 Medium

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

HashiCorp Nomad and Nomad Enterprise versions 0.9.0 through 1.0.16
HashiCorp Nomad and Nomad Enterprise version 1.1.11
HashiCorp Nomad and Nomad Enterprise version 1.2.5
HashiCorp Nomad and Nomad Enterprise versions prior to 1.0.17
HashiCorp Nomad and Nomad Enterprise versions 1.1.x prior to 1.1.12
HashiCorp Nomad and Nomad Enterprise versions 1.2.x prior to 1.2.6

Description

The issue allows operators with job-submit capabilities to use the spread stanza to panic server agents, resulting in Uncontrolled Resource Consumption.

Recommendations

For versions 0.9.0 through 1.0.16, update to version 1.0.18 or later.
For version 1.1.11, update to version 1.1.12 or later.
For version 1.2.5, update to version 1.2.6 or later.
For versions prior to 1.0.17, update to version 1.0.17 or later.
For versions 1.1.x prior to 1.1.12, update to version 1.1.12 or later.
For versions 1.2.x prior to 1.2.6, update to version 1.2.6 or later.
As a temporary workaround, consider restricting the use of the spread stanza in job submissions until a patch is available.

Fix

Resource Exhaustion

Weakness Enumeration

Related Identifiers

CVE-2022-24684
GHSA-6JM6-CMCP-FQJQ
GO-2022-0560

Affected Products

Nomad
Nomad Enterprise