Описание
HashiCorp Nomad Artifact Download Race Condition
HashiCorp Nomad and Nomad Enterprise 0.3.0 through 1.0.17, 1.1.11, and 1.2.5 artifact download functionality has a race condition such that the Nomad client agent could download the wrong artifact into the wrong destination. This issue is fixed in 1.0.18, 1.1.12, and 1.2.6.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2022-24686
- https://github.com/hashicorp/nomad/issues/12036
- https://discuss.hashicorp.com
- https://discuss.hashicorp.com/t/hcsec-2022-01-nomad-artifact-download-race-condition/35559
- https://github.com/hashicorp/nomad/releases/tag/v1.2.6
- https://security.netapp.com/advisory/ntap-20220318-0008
Пакеты
github.com/hashicorp/nomad
>= 0.3.0, < 1.0.18
1.0.18
github.com/hashicorp/nomad
>= 1.1.0, < 1.1.12
1.1.12
github.com/hashicorp/nomad
>= 1.2.0, < 1.2.6
1.2.6
Связанные уязвимости
HashiCorp Nomad and Nomad Enterprise 0.3.0 through 1.0.17, 1.1.11, and 1.2.5 artifact download functionality has a race condition such that the Nomad client agent could download the wrong artifact into the wrong destination. Fixed in 1.0.18, 1.1.12, and 1.2.6
HashiCorp Nomad and Nomad Enterprise 0.3.0 through 1.0.17, 1.1.11, and 1.2.5 artifact download functionality has a race condition such that the Nomad client agent could download the wrong artifact into the wrong destination. Fixed in 1.0.18, 1.1.12, and 1.2.6
HashiCorp Nomad and Nomad Enterprise 0.3.0 through 1.0.17, 1.1.11, and ...