CVE-2022-30324
published 2022-06-02CVE-2022-30324: HashiCorp Nomad and Nomad Enterprise version 0.2.0 up to 1.3.0 were impacted by go-getter vulnerabilities enabling privilege escalation through the artifact…
PriorityP349critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
1.32%
67.4th percentile
HashiCorp Nomad and Nomad Enterprise version 0.2.0 up to 1.3.0 were impacted by go-getter vulnerabilities enabling privilege escalation through the artifact stanza in submitted jobs onto the client agent host. Fixed in 1.1.14, 1.2.8, and 1.3.1.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | hashicorp_nomad | >= 0.2.0 < 1.1.14 | 1.1.14 |
| github.com | hashicorp_nomad | >= 1.2.0 < 1.2.8 | 1.2.8 |
| github.com | hashicorp_nomad | >= 1.3.0 < 1.3.1 | 1.3.1 |
| hashicorp | nomad | — | — |
| hashicorp | nomad | >= 0.2.0 < 1.1.14 | 1.1.14 |
| hashicorp | nomad | >= 1.2.0 < 1.2.8 | 1.2.8 |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv9.8CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
Privilege escalation in Hashicorp Nomad in github.com/hashicorp/nomad
osv·2024-08-21
CVE-2022-30324 Privilege escalation in Hashicorp Nomad in github.com/hashicorp/nomad
Privilege escalation in Hashicorp Nomad in github.com/hashicorp/nomad
Privilege escalation in Hashicorp Nomad in github.com/hashicorp/nomad
OSV
Privilege escalation in Hashicorp Nomad
osv·2022-06-03
CVE-2022-30324 [CRITICAL] Privilege escalation in Hashicorp Nomad
Privilege escalation in Hashicorp Nomad
HashiCorp Nomad and Nomad Enterprise version 0.2.0 up to 1.3.0 were impacted by go-getter vulnerabilities enabling privilege escalation through the artifact stanza in submitted jobs onto the client agent host. Fixed in 1.1.14, 1.2.8, and 1.3.1.
GHSA
Privilege escalation in Hashicorp Nomad
ghsa·2022-06-03
CVE-2022-30324 [CRITICAL] Privilege escalation in Hashicorp Nomad
Privilege escalation in Hashicorp Nomad
HashiCorp Nomad and Nomad Enterprise version 0.2.0 up to 1.3.0 were impacted by go-getter vulnerabilities enabling privilege escalation through the artifact stanza in submitted jobs onto the client agent host. Fixed in 1.1.14, 1.2.8, and 1.3.1.
OSV
CVE-2022-30324: HashiCorp Nomad and Nomad Enterprise version 0
osv·2022-06-02·CVSS 9.8
CVE-2022-30324 [CRITICAL] CVE-2022-30324: HashiCorp Nomad and Nomad Enterprise version 0
HashiCorp Nomad and Nomad Enterprise version 0.2.0 up to 1.3.0 were impacted by go-getter vulnerabilities enabling privilege escalation through the artifact stanza in submitted jobs onto the client agent host. Fixed in 1.1.14, 1.2.8, and 1.3.1.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2022-06-02
Published