CVE-2022-24684
published 2022-02-15

Priority: P4, 33
CVSS 3.1: 6.5 (medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS: 1.38% (68.6th percentile)

HashiCorp Nomad and Nomad Enterprise 0.9.0 through 1.0.16, 1.1.11, and 1.2.5 allow operators with job-submit capabilities to use the spread stanza to panic server agents. Fixed in 1.0.18, 1.1.12, and 1.2.6.

Affected

6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | hashicorp_nomad | >= 0.9.0 < 1.0.18 | 1.0.18 |
| github.com | hashicorp_nomad | >= 1.1.0 < 1.1.12 | 1.1.12 |
| github.com | hashicorp_nomad | >= 1.2.0 < 1.2.6 | 1.2.6 |
| hashicorp | nomad | >= 0.9.0 < 1.0.18 | 1.0.18 |
| hashicorp | nomad | >= 1.1.0 < 1.1.12 | 1.1.12 |
| hashicorp | nomad | >= 1.2.0 < 1.2.6 | 1.2.6 |

CVSS provenance

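| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:N/A:P |
| ghsa | | 6.5 | MEDIUM | |
| osv | | 6.5 | MEDIUM | |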