CVE Vulnerabilities

CVE-2024-1329

Externally Controlled Reference to a Resource in Another Sphere

Published: Feb 08, 2024 | Modified: Feb 15, 2024
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

HashiCorp Nomad and Nomad Enterprise 1.5.13 up to 1.6.6, and 1.7.3 template renderer is vulnerable to arbitrary file write on the host as the Nomad client user through symlink attacks. Fixed in Nomad 1.7.4, 1.6.7, 1.5.14.

Weakness

The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.

Affected Software

Name Vendor Start Version End Version
Nomad Hashicorp 1.5.13 *
Nomad Hashicorp 1.6.6 *
Nomad Hashicorp 1.7.3. *

References