CVE-2022-24686 — Race Condition in Hashicorp Nomad

CWE-362 — Race Condition6 documents4 sources

Severity

5.9MEDIUMNVD

EPSS

0.4%

top 42.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Github.com Hashicorp Nomad Hashicorp Nomad

Timeline

PublishedFeb 14

Latest updateAug 21

Description

HashiCorp Nomad and Nomad Enterprise 0.3.0 through 1.0.17, 1.1.11, and 1.2.5 artifact download functionality has a race condition such that the Nomad client agent could download the wrong artifact into the wrong destination. Fixed in 1.0.18, 1.1.12, and 1.2.6

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages2 packages

▶NVDhashicorp/nomad0.3.0 — 1.0.18+2

▶Gogithub.com/hashicorp_nomad0.3.0 — 1.0.18+2

🔴Vulnerability Details

OSV

HashiCorp Nomad Artifact Download Race Condition in github.com/hashicorp/nomad↗2024-08-21

▶

OSV

HashiCorp Nomad Artifact Download Race Condition↗2022-02-15

▶

GHSA

HashiCorp Nomad Artifact Download Race Condition↗2022-02-15

▶

CVEList

CVE-2022-24686: HashiCorp Nomad and Nomad Enterprise 0↗2022-02-14

▶

OSV

CVE-2022-24686: HashiCorp Nomad and Nomad Enterprise 0↗2022-02-14

▶