Описание
HashiCorp Nomad is vulnerable to path escape through archive unpacking during migration
HashiCorp Nomad and Nomad Enterprise 1.6.12 up to 1.7.9, and 1.8.1 archive unpacking during migration is vulnerable to path escaping of the allocation directory. This vulnerability, CVE-2024-6717, is fixed in Nomad 1.6.13, 1.7.10, and 1.8.2.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2024-6717
- https://github.com/hashicorp/nomad/commit/ef6cdec8847e0698d386d1fd3761743df758ef99
- https://discuss.hashicorp.com/t/hcsec-2024-15-nomad-vulnerable-to-allocation-directory-path-escape-through-archive-unpacking/68781
- https://github.com/hashicorp/nomad/releases/tag/v1.8.2
Пакеты
github.com/hashicorp/nomad
< 1.8.2
1.8.2
Связанные уязвимости
HashiCorp Nomad and Nomad Enterprise 1.6.12 up to 1.7.9, and 1.8.1 archive unpacking during migration is vulnerable to path escaping of the allocation directory. This vulnerability, CVE-2024-6717, is fixed in Nomad 1.6.13, 1.7.10, and 1.8.2.
HashiCorp Nomad and Nomad Enterprise 1.6.12 up to 1.7.9, and 1.8.1 archive unpacking during migration is vulnerable to path escaping of the allocation directory. This vulnerability, CVE-2024-6717, is fixed in Nomad 1.6.13, 1.7.10, and 1.8.2.
HashiCorp Nomad and Nomad Enterprise 1.6.12 up to 1.7.9, and 1.8.1 arc ...
Уязвимость оркестратора приложений Nomad, связанная с ошибками при обработке гипертекстовых ссылок, позволяющая нарушителю оказать воздействие на целостность защищаемой информации
