CVE-2022-30324 — Improper Privilege Management in Hashicorp Nomad

6 documents4 sources

Severity

9.8CRITICALNVD

EPSS

0.4%

top 38.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Github.com Hashicorp Nomad Hashicorp Nomad

Timeline

PublishedJun 2

Latest updateAug 21

Description

HashiCorp Nomad and Nomad Enterprise version 0.2.0 up to 1.3.0 were impacted by go-getter vulnerabilities enabling privilege escalation through the artifact stanza in submitted jobs onto the client agent host. Fixed in 1.1.14, 1.2.8, and 1.3.1.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDhashicorp/nomad0.2.0 — 1.1.14+2

▶Gogithub.com/hashicorp_nomad0.2.0 — 1.1.14+2

🔴Vulnerability Details

OSV

Privilege escalation in Hashicorp Nomad in github.com/hashicorp/nomad↗2024-08-21

▶

OSV

Privilege escalation in Hashicorp Nomad↗2022-06-03

▶

GHSA

Privilege escalation in Hashicorp Nomad↗2022-06-03

▶

OSV

CVE-2022-30324: HashiCorp Nomad and Nomad Enterprise version 0↗2022-06-02

▶

CVEList

CVE-2022-30324: HashiCorp Nomad and Nomad Enterprise version 0↗2022-05-27

▶