CVE-2022-24685
Published 2022-02-28
Priority P3 · 38 · high · 7.5 CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 1.52% (71.5th percentile)
HashiCorp Nomad and Nomad Enterprise 1.0.17, 1.1.11, and 1.2.5 allow invalid HCL for the jobs parse endpoint, which may cause excessive CPU usage. Fixed in 1.0.18, 1.1.12, and 1.2.6.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | hashicorp_nomad | >= 1.0.0 < 1.0.17 | 1.0.17 |
| github.com | hashicorp_nomad | >= 1.1.0 < 1.1.12 | 1.1.12 |
| github.com | hashicorp_nomad | >= 1.2.0 < 1.2.6 | 1.2.6 |
| hashicorp | nomad | 1.0.0 – 1.0.17 | — |
| hashicorp | nomad | >= 1.1.0 < 1.1.12 | 1.1.12 |
| hashicorp | nomad | >= 1.2.0 < 1.2.6 | 1.2.6 |
CVSS provenance
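| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | | 7.5 | HIGH | |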
OSV
HashiCorp Nomad vulnerable to Allocation of Resources Without Limits or Throttling in github.com/hashicorp/nomad
osv·2024-08-21
CVE-2022-24685 HashiCorp Nomad vulnerable to Allocation of Resources Without Limits or Throttling in github.com/hashicorp/nomad
OSV
HashiCorp Nomad vulnerable to Allocation of Resources Without Limits or Throttling
osv·2022-03-01
CVE-2022-24685 [HIGH] HashiCorp Nomad vulnerable to Allocation of Resources Without Limits or Throttling
HashiCorp Nomad and Nomad Enterprise 1.x before 1.0.17, 1.1.x before 1.1.12, and 1.2.x before 1.2.6 are vulnerable to Allocation of Resources Without Limits or Throttling.
GHSA
HashiCorp Nomad vulnerable to Allocation of Resources Without Limits or Throttling
ghsa·2022-03-01
CVE-2022-24685 [HIGH] CWE-770 HashiCorp Nomad vulnerable to Allocation of Resources Without Limits or Throttling
HashiCorp Nomad and Nomad Enterprise 1.x before 1.0.17, 1.1.x before 1.1.12, and 1.2.x before 1.2.6 are vulnerable to Allocation of Resources Without Limits or Throttling.
OSV
CVE-2022-24685: HashiCorp Nomad and Nomad Enterprise 1
osv·2022-02-28·CVSS 7.5
CVE-2022-24685 [HIGH] CVE-2022-24685: HashiCorp Nomad and Nomad Enterprise 1
HashiCorp Nomad and Nomad Enterprise 1.0.17, 1.1.11, and 1.2.5 allow invalid HCL for the jobs parse endpoint, which may cause excessive CPU usage. Fixed in 1.0.18, 1.1.12, and 1.2.6.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://discuss.hashicorp.com
https://discuss.hashicorp.com/t/hcsec-2022-03-nomad-malformed-job-parsing-results-in-excessive-cpu-usage/
https://discuss.hashicorp.com/t/hcsec-2022-03-nomad-malformed-job-parsing-results-in-excessive-cpu-usage/35561
https://security.netapp.com/advisory/ntap-20220331-0007/
Published: 2022-02-28