PT-2024-37819 · Hashicorp+1 · Nomad Enterprise+2

Published

2024-07-22

Updated

2026-01-17

CVE-2024-6717

CVSS v3.1

8.6

High

Vector

AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions HashiCorp Nomad and Nomad Enterprise versions 1.6.12 through 1.7.9 HashiCorp Nomad and Nomad Enterprise version 1.8.1

Description The issue concerns archive unpacking during migration, where path escaping of the allocation directory is possible. This allows for potential exploitation. The estimated number of potentially affected devices worldwide is not specified. Details about real-world incidents where this issue was exploited are not provided.

Recommendations For HashiCorp Nomad and Nomad Enterprise versions 1.6.12 through 1.7.9, update to version 1.7.10 or later to resolve the issue. For HashiCorp Nomad and Nomad Enterprise version 1.8.1, update to version 1.8.2 or later to resolve the issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-610

Related Identifiers

BDU:2025-06168

CVE-2024-6717

GHSA-5MQX-RPXV-MVXJ

GO-2026-4278

SUSE-SU-2026:0142-1

Affected Products

Hashicorp Nomad

Nomad Enterprise

Red Os

PT-2024-37819 · Hashicorp+1 · Nomad Enterprise+2

CVE-2024-6717

Weakness Enumeration

Related Identifiers

Affected Products

References · 53