Описание
Nomad Spread Job Stanza May Trigger Panic in Servers
Nomad and Nomad Enterprise allows operators with job-submit capabilities to use the spread stanza in a way such that it can cause panic in Nomad servers. This vulnerability, CVE-2022-24684, was fixed in Nomad 1.0.18, 1.1.12, and 1.2.6.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2022-24684
- https://discuss.hashicorp.com/t/hcsec-2022-04-nomad-spread-job-stanza-may-trigger-panic-in-servers
- https://discuss.hashicorp.com/t/hcsec-2022-04-nomad-spread-job-stanza-may-trigger-panic-in-servers/35562
- https://security.netapp.com/advisory/ntap-20220318-0008
Пакеты
github.com/hashicorp/nomad
>= 0.9.0, < 1.0.18
1.0.18
github.com/hashicorp/nomad
>= 1.1.0, < 1.1.12
1.1.12
github.com/hashicorp/nomad
>= 1.2.0, < 1.2.6
1.2.6
Связанные уязвимости
HashiCorp Nomad and Nomad Enterprise 0.9.0 through 1.0.16, 1.1.11, and 1.2.5 allow operators with job-submit capabilities to use the spread stanza to panic server agents. Fixed in 1.0.18, 1.1.12, and 1.2.6.
HashiCorp Nomad and Nomad Enterprise 0.9.0 through 1.0.16, 1.1.11, and 1.2.5 allow operators with job-submit capabilities to use the spread stanza to panic server agents. Fixed in 1.0.18, 1.1.12, and 1.2.6.
HashiCorp Nomad and Nomad Enterprise 0.9.0 through 1.0.16, 1.1.11, and ...