CVE-2022-24684
published 2022-02-15CVE-2022-24684: HashiCorp Nomad and Nomad Enterprise 0.9.0 through 1.0.16, 1.1.11, and 1.2.5 allow operators with job-submit capabilities to use the spread stanza to panic…
PriorityP433medium6.5CVSS 3.1
AVNACLPRLUINSUCNINAH
EPSS
1.38%
68.6th percentile
HashiCorp Nomad and Nomad Enterprise 0.9.0 through 1.0.16, 1.1.11, and 1.2.5 allow operators with job-submit capabilities to use the spread stanza to panic server agents. Fixed in 1.0.18, 1.1.12, and 1.2.6.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | hashicorp_nomad | >= 0.9.0 < 1.0.18 | 1.0.18 |
| github.com | hashicorp_nomad | >= 1.1.0 < 1.1.12 | 1.1.12 |
| github.com | hashicorp_nomad | >= 1.2.0 < 1.2.6 | 1.2.6 |
| hashicorp | nomad | >= 0.9.0 < 1.0.18 | 1.0.18 |
| hashicorp | nomad | >= 1.1.0 < 1.1.12 | 1.1.12 |
| hashicorp | nomad | >= 1.2.0 < 1.2.6 | 1.2.6 |
CVSS provenance
nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvdv2.04.0MEDIUMAV:N/AC:L/Au:S/C:N/I:N/A:P
ghsa6.5MEDIUM
osv6.5MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
Nomad Spread Job Stanza May Trigger Panic in Servers in github.com/hashicorp/nomad
osv·2024-08-21
CVE-2022-24684 Nomad Spread Job Stanza May Trigger Panic in Servers in github.com/hashicorp/nomad
Nomad Spread Job Stanza May Trigger Panic in Servers in github.com/hashicorp/nomad
Nomad Spread Job Stanza May Trigger Panic in Servers in github.com/hashicorp/nomad
GHSA
Nomad Spread Job Stanza May Trigger Panic in Servers
ghsa·2022-02-16·CVSS 6.5
CVE-2022-24684 [MEDIUM] CWE-400 Nomad Spread Job Stanza May Trigger Panic in Servers
Nomad Spread Job Stanza May Trigger Panic in Servers
Nomad and Nomad Enterprise allows operators with job-submit capabilities to use the spread stanza in a way such that it can cause panic in Nomad servers. This vulnerability, CVE-2022-24684, was fixed in Nomad 1.0.18, 1.1.12, and 1.2.6.
OSV
Nomad Spread Job Stanza May Trigger Panic in Servers
osv·2022-02-16·CVSS 6.5
CVE-2022-24684 [MEDIUM] Nomad Spread Job Stanza May Trigger Panic in Servers
Nomad Spread Job Stanza May Trigger Panic in Servers
Nomad and Nomad Enterprise allows operators with job-submit capabilities to use the spread stanza in a way such that it can cause panic in Nomad servers. This vulnerability, CVE-2022-24684, was fixed in Nomad 1.0.18, 1.1.12, and 1.2.6.
OSV
CVE-2022-24684: HashiCorp Nomad and Nomad Enterprise 0
osv·2022-02-15·CVSS 6.5
CVE-2022-24684 [MEDIUM] CVE-2022-24684: HashiCorp Nomad and Nomad Enterprise 0
HashiCorp Nomad and Nomad Enterprise 0.9.0 through 1.0.16, 1.1.11, and 1.2.5 allow operators with job-submit capabilities to use the spread stanza to panic server agents. Fixed in 1.0.18, 1.1.12, and 1.2.6.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://discuss.hashicorp.comhttps://discuss.hashicorp.com/t/hcsec-2022-04-nomad-spread-job-stanza-may-trigger-panic-in-servers/https://discuss.hashicorp.com/t/hcsec-2022-04-nomad-spread-job-stanza-may-trigger-panic-in-servers/35562https://security.netapp.com/advisory/ntap-20220318-0008/https://discuss.hashicorp.comhttps://discuss.hashicorp.com/t/hcsec-2022-04-nomad-spread-job-stanza-may-trigger-panic-in-servers/https://discuss.hashicorp.com/t/hcsec-2022-04-nomad-spread-job-stanza-may-trigger-panic-in-servers/35562https://security.netapp.com/advisory/ntap-20220318-0008/
2022-02-15
Published