PT-2022-16800 · Hashicorp · Nomad+1

Published

2022-02-14

Updated

2024-08-21

CVE-2022-24686

CVSS v3.1

5.9

Medium

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions HashiCorp Nomad and Nomad Enterprise versions 0.3.0 through 1.0.17 HashiCorp Nomad and Nomad Enterprise version 1.1.11 HashiCorp Nomad and Nomad Enterprise version 1.2.5

Description The artifact download functionality in HashiCorp Nomad and Nomad Enterprise has a race condition, allowing the Nomad client agent to download the wrong artifact into the wrong destination.

Recommendations For versions 0.3.0 through 1.0.17, update to version 1.0.18. For version 1.1.11, update to version 1.1.12. For version 1.2.5, update to version 1.2.6.

Fix

Race Condition

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-362

Related Identifiers

CVE-2022-24686

GHSA-GWMC-6795-QGHJ

GO-2022-0600

Affected Products

Nomad

Nomad Enterprise

PT-2022-16800 · Hashicorp · Nomad+1

CVE-2022-24686

Weakness Enumeration

Related Identifiers

Affected Products

References · 15