PT-2024-7109 · HashiCorp · Nomad
Published: 2024-02-08 · Updated: 2024-10-15 · CVE-2024-1329
CVSS v3.1: 7.7 (High)
Vector: AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions
HashiCorp Nomad and Nomad Enterprise versions 1.5.13 through 1.6.6 and version 1.7.3
Description
The template renderer in HashiCorp Nomad and Nomad Enterprise is vulnerable to arbitrary file write on the host as the Nomad client user through symlink attacks. This issue allows a remote attacker to potentially execute arbitrary code. The vulnerability is related to incorrect link resolution before accessing a file.
Recommendations
For versions 1.5.13 through 1.6.6 and version 1.7.3, update to Nomad 1.7.4, 1.6.7, or 1.5.14 to resolve the issue.
As a temporary workaround, consider restricting access to the template renderer to minimize the risk of exploitation.
Fix
Link Following
Affected Products
Nomad
Nomad Enterprise
Red Os