Description
Arbitrary file reads in HashiCorp Nomad
Nomad is an easy-to-use, flexible, and performant workload orchestrator that can deploy a mix of microservice, batch, containerized, and non-containerized applications. HashiCorp Nomad and Nomad Enterprise 0.9.2 through 1.0.17, 1.1.11, and 1.2.5 allow operators with read-fs and alloc-exec (or job-submit) capabilities to read arbitrary files on the host filesystem as root. There are currently no known workarounds. Users are advised to upgrade as soon as possible to avoid this issue.
References
- https://nvd.nist.gov/vuln/detail/CVE-2022-24683
- https://github.com/hashicorp/nomad/commit/1aa46c3796e924b72eb45a7f02dae32df0c1179c
- https://github.com/hashicorp/nomad/commit/b3c0e6a7a53d624003698b48b6c59739552c3721
- https://github.com/hashicorp/nomad/commit/fcb3a5d016a3dfcc63efcdb567373735a0703279
- https://discuss.hashicorp.com
- https://discuss.hashicorp.com/t/hcsec-2022-02-nomad-alloc-filesystem-and-container-escape/35560
- https://security.netapp.com/advisory/ntap-20220318-0008
Packages
- github.com/hashicorp/nomad: affected >= 0.9.2, < 1.0.18; fixed in 1.0.18
- github.com/hashicorp/nomad: affected >= 1.1.0, < 1.1.12; fixed in 1.1.12
- github.com/hashicorp/nomad: affected >= 1.2.0, < 1.2.6; fixed in 1.2.6
Related vulnerabilities
HashiCorp Nomad and Nomad Enterprise 0.9.2 through 1.0.17, 1.1.11, and 1.2.5 allow operators with read-fs and alloc-exec (or job-submit) capabilities to read arbitrary files on the host filesystem as root.