Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1jODY2LThncHctcDNtds4AA5K1

HashiCorp Nomad vulnerable to symlink attacks

HashiCorp Nomad and Nomad Enterprise 1.5.13 up to 1.6.6, and 1.7.3 template renderer is vulnerable to arbitrary file write on the host as the Nomad client user through symlink attacks. Fixed in Nomad 1.7.4, 1.6.7, 1.5.14.

Permalink: https://github.com/advisories/GHSA-c866-8gpw-p3mv
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1jODY2LThncHctcDNtds4AA5K1
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: 22 days ago
Updated: 21 days ago


CVSS Score: 7.7
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:H

Identifiers: GHSA-c866-8gpw-p3mv, CVE-2024-1329
References:

Affected Packages

go:github.com/hashicorp/nomad
Versions: = 1.7.3, >= 1.6.0, <= 1.6.6, = 1.5.13
Fixed in: 1.7.4, 1.6.7, 1.5.14