Описание
HashiCorp Nomad vulnerable to Allocation of Resources Without Limits or Throttling
HashiCorp Nomad and Nomad Enterprise 1.x before 1.0.17, 1.1.x before 1.1.12, and 1.2.x before 1.2.6 is vulnerable to Allocation of Resources Without Limits or Throttling.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2022-24685
- https://discuss.hashicorp.com
- https://discuss.hashicorp.com/t/hcsec-2022-03-nomad-malformed-job-parsing-results-in-excessive-cpu-usage
- https://discuss.hashicorp.com/t/hcsec-2022-03-nomad-malformed-job-parsing-results-in-excessive-cpu-usage/35561
- https://security.netapp.com/advisory/ntap-20220331-0007
Пакеты
github.com/hashicorp/nomad
>= 1.0.0, < 1.0.17
1.0.17
github.com/hashicorp/nomad
>= 1.1.0, < 1.1.12
1.1.12
github.com/hashicorp/nomad
>= 1.2.0, < 1.2.6
1.2.6
Связанные уязвимости
HashiCorp Nomad and Nomad Enterprise 1.0.17, 1.1.11, and 1.2.5 allow invalid HCL for the jobs parse endpoint, which may cause excessive CPU usage. Fixed in 1.0.18, 1.1.12, and 1.2.6.
HashiCorp Nomad and Nomad Enterprise 1.0.17, 1.1.11, and 1.2.5 allow invalid HCL for the jobs parse endpoint, which may cause excessive CPU usage. Fixed in 1.0.18, 1.1.12, and 1.2.6.
HashiCorp Nomad and Nomad Enterprise 1.0.17, 1.1.11, and 1.2.5 allow i ...