8.6

CVE-2024-6717

Nomad Vulnerable to Allocation Directory Path Escape Through Archive Unpacking

HashiCorp Nomad and Nomad Enterprise 1.6.12 up to 1.7.9, and 1.8.1 archive unpacking during migration is vulnerable to path escaping of the allocation directory. This vulnerability, CVE-2024-6717, is fixed in Nomad 1.6.13, 1.7.10, and 1.8.2.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
HashicorpNomad SwEdition- Version >= 1.7.0 < 1.7.10
HashicorpNomad SwEditionenterprise Version >= 1.7.0 < 1.7.10
HashicorpNomad Version1.6.12 SwEdition-
HashicorpNomad Version1.6.12 SwEditionenterprise
HashicorpNomad Version1.8.1 SwEdition-
HashicorpNomad Version1.8.1 SwEditionenterprise
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.29% 0.521
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.6 3.9 4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
security@hashicorp.com 7.7 3.1 4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
CWE-610 Externally Controlled Reference to a Resource in Another Sphere

The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.