CVE-2022-24684 — Uncontrolled Resource Consumption in Hashicorp Nomad

CWE-400 — Uncontrolled Resource Consumption6 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

0.7%

top 28.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Github.com Hashicorp Nomad Hashicorp Nomad

Timeline

PublishedFeb 15

Latest updateAug 21

Description

HashiCorp Nomad and Nomad Enterprise 0.9.0 through 1.0.16, 1.1.11, and 1.2.5 allow operators with job-submit capabilities to use the spread stanza to panic server agents. Fixed in 1.0.18, 1.1.12, and 1.2.6.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶NVDhashicorp/nomad0.9.0 — 1.0.18+2

▶Gogithub.com/hashicorp_nomad0.9.0 — 1.0.18+2

🔴Vulnerability Details

OSV

Nomad Spread Job Stanza May Trigger Panic in Servers in github.com/hashicorp/nomad↗2024-08-21

▶

GHSA

Nomad Spread Job Stanza May Trigger Panic in Servers↗2022-02-16

▶

OSV

Nomad Spread Job Stanza May Trigger Panic in Servers↗2022-02-16

▶

OSV

CVE-2022-24684: HashiCorp Nomad and Nomad Enterprise 0↗2022-02-15

▶

CVEList

CVE-2022-24684: HashiCorp Nomad and Nomad Enterprise 0↗2022-02-15

▶