CVE-2022-24686
published 2022-02-14CVE-2022-24686: HashiCorp Nomad and Nomad Enterprise 0.3.0 through 1.0.17, 1.1.11, and 1.2.5 artifact download functionality has a race condition such that the Nomad client…
PriorityP429medium5.9CVSS 3.1
AVNACHPRNUINSUCNIHAN
EPSS
0.85%
53.5th percentile
HashiCorp Nomad and Nomad Enterprise 0.3.0 through 1.0.17, 1.1.11, and 1.2.5 artifact download functionality has a race condition such that the Nomad client agent could download the wrong artifact into the wrong destination. Fixed in 1.0.18, 1.1.12, and 1.2.6
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | hashicorp_nomad | >= 0.3.0 < 1.0.18 | 1.0.18 |
| github.com | hashicorp_nomad | >= 1.1.0 < 1.1.12 | 1.1.12 |
| github.com | hashicorp_nomad | >= 1.2.0 < 1.2.6 | 1.2.6 |
| hashicorp | nomad | >= 0.3.0 < 1.0.18 | 1.0.18 |
| hashicorp | nomad | >= 1.1.0 < 1.1.12 | 1.1.12 |
| hashicorp | nomad | >= 1.2.0 < 1.2.6 | 1.2.6 |
CVSS provenance
nvdv3.15.9MEDIUMCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
osv5.9MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
HashiCorp Nomad Artifact Download Race Condition in github.com/hashicorp/nomad
osv·2024-08-21
CVE-2022-24686 HashiCorp Nomad Artifact Download Race Condition in github.com/hashicorp/nomad
HashiCorp Nomad Artifact Download Race Condition in github.com/hashicorp/nomad
HashiCorp Nomad Artifact Download Race Condition in github.com/hashicorp/nomad
OSV
HashiCorp Nomad Artifact Download Race Condition
osv·2022-02-15
CVE-2022-24686 [MEDIUM] HashiCorp Nomad Artifact Download Race Condition
HashiCorp Nomad Artifact Download Race Condition
HashiCorp Nomad and Nomad Enterprise 0.3.0 through 1.0.17, 1.1.11, and 1.2.5 artifact download functionality has a race condition such that the Nomad client agent could download the wrong artifact into the wrong destination. This issue is fixed in 1.0.18, 1.1.12, and 1.2.6.
GHSA
HashiCorp Nomad Artifact Download Race Condition
ghsa·2022-02-15
CVE-2022-24686 [MEDIUM] CWE-362 HashiCorp Nomad Artifact Download Race Condition
HashiCorp Nomad Artifact Download Race Condition
HashiCorp Nomad and Nomad Enterprise 0.3.0 through 1.0.17, 1.1.11, and 1.2.5 artifact download functionality has a race condition such that the Nomad client agent could download the wrong artifact into the wrong destination. This issue is fixed in 1.0.18, 1.1.12, and 1.2.6.
OSV
CVE-2022-24686: HashiCorp Nomad and Nomad Enterprise 0
osv·2022-02-14·CVSS 5.9
CVE-2022-24686 [MEDIUM] CVE-2022-24686: HashiCorp Nomad and Nomad Enterprise 0
HashiCorp Nomad and Nomad Enterprise 0.3.0 through 1.0.17, 1.1.11, and 1.2.5 artifact download functionality has a race condition such that the Nomad client agent could download the wrong artifact into the wrong destination. Fixed in 1.0.18, 1.1.12, and 1.2.6
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://discuss.hashicorp.comhttps://discuss.hashicorp.com/t/hcsec-2022-01-nomad-artifact-download-race-condition/35559https://security.netapp.com/advisory/ntap-20220318-0008/https://discuss.hashicorp.comhttps://discuss.hashicorp.com/t/hcsec-2022-01-nomad-artifact-download-race-condition/35559https://security.netapp.com/advisory/ntap-20220318-0008/
2022-02-14
Published