CVE-2022-24686
published 2022-02-14

CVE-2022-24686: HashiCorp Nomad and Nomad Enterprise 0.3.0 through 1.0.17, 1.1.11, and 1.2.5 artifact download functionality has a race condition such that the Nomad client…

Priority: P4 29 medium
CVSS 3.1: 5.9 (AV:N / AC:H / PR:N / UI:N / S:U / C:N / I:H / A:N)
EPSS: 0.85% (53.5th percentile)

HashiCorp Nomad and Nomad Enterprise 0.3.0 through 1.0.17, 1.1.11, and 1.2.5 artifact download functionality has a race condition such that the Nomad client agent could download the wrong artifact into the wrong destination. Fixed in 1.0.18, 1.1.12, and 1.2.6.

Affected

6 ranges

Vendor      Product          Version range        Fixed in
github.com  hashicorp_nomad  >= 0.3.0 < 1.0.18    1.0.18
github.com  hashicorp_nomad  >= 1.1.0 < 1.1.12    1.1.12
github.com  hashicorp_nomad  >= 1.2.0 < 1.2.6     1.2.6
hashicorp   nomad            >= 0.3.0 < 1.0.18    1.0.18
hashicorp   nomad            >= 1.1.0 < 1.1.12    1.1.12
hashicorp   nomad            >= 1.2.0 < 1.2.6     1.2.6

CVSS provenance

nvd  v3.1  5.9  MEDIUM  CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd  v2.0  4.3  MEDIUM  AV:N/AC:M/Au:N/C:N/I:P/A:N
osv        5.9  MEDIUM