5.8

CVE-2024-7625

In HashiCorp Nomad and Nomad Enterprise from 0.6.1 up to 1.6.13, 1.7.10, and 1.8.2, the archive unpacking process is vulnerable to writes outside the allocation directory during migration of allocation directories when multiple archive headers target the same file. This vulnerability, CVE-2024-7625, is fixed in Nomad 1.6.14, 1.7.11, and 1.8.3. Access or compromise of the Nomad client agent at the source allocation first is a prerequisite for leveraging this vulnerability.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
HashicorpNomad SwEdition- Version >= 0.6.1 < 1.6.14
HashicorpNomad SwEditionenterprise Version >= 0.6.1 < 1.6.14
HashicorpNomad SwEdition- Version >= 1.7.0 < 1.7.11
HashicorpNomad SwEditionenterprise Version >= 1.7.0 < 1.7.11
HashicorpNomad SwEdition- Version >= 1.8.0 <= 1.8.3
HashicorpNomad SwEditionenterprise Version >= 1.8.0 < 1.8.3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.3% 0.525
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
security@hashicorp.com 5.8 1.3 4
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N
CWE-610 Externally Controlled Reference to a Resource in Another Sphere

The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.