An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1jODY2LThncHctcDNtds4AA5K1

HashiCorp Nomad vulnerable to symlink attacks

HashiCorp Nomad and Nomad Enterprise 1.5.13 up to 1.6.6, and 1.7.3 template renderer is vulnerable to arbitrary file write on the host as the Nomad client user through symlink attacks. Fixed in Nomad 1.7.4, 1.6.7, 1.5.14.

Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: 22 days ago
Updated: 21 days ago

CVSS Score: 7.7
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:H

Identifiers: GHSA-c866-8gpw-p3mv, CVE-2024-1329

Affected Packages
Versions: = 1.7.3, >= 1.6.0, <= 1.6.6, = 1.5.13
Fixed in: 1.7.4, 1.6.7, 1.5.14