An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS13bXJ4LTU3aG0tbXc3cs0s7Q

Arbitrary file reads in HashiCorp Nomad

Nomad is an easy-to-use, flexible, and performant workload orchestrator that can deploy a mix of microservice, batch, containerized, and non-containerized applications. HashiCorp Nomad and Nomad Enterprise 0.9.2 through 1.0.17, 1.1.11, and 1.2.5 allow operators with read-fs and alloc-exec (or job-submit) capabilities to read arbitrary files on the host filesystem as root. There are currently no known workarounds. Users are recommended to upgrade as soon as possible to avoid this issue.

Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 1 year ago
Updated: 5 months ago

CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Identifiers: GHSA-wmrx-57hm-mw7r, CVE-2022-24683

Affected Packages
Versions: >= 1.2.0, < 1.2.6, >= 1.1.0, < 1.1.12, >= 0.9.2, < 1.0.18
Fixed in: 1.2.6, 1.1.12, 1.0.18