CVE-2022-41606 — Improper Input Validation in Hashicorp Nomad

CWE-20 — Improper Input Validation6 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

0.4%

top 38.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Github.com Hashicorp Nomad Hashicorp Nomad

Timeline

PublishedOct 12

Latest updateAug 21

Description

HashiCorp Nomad and Nomad Enterprise 1.0.2 up to 1.2.12, and 1.3.5 jobs submitted with an artifact stanza using invalid S3 or GCS URLs can be used to crash client agents. Fixed in 1.2.13, 1.3.6, and 1.4.0.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶NVDhashicorp/nomad1.0.2 — 1.2.13+1

▶Gogithub.com/hashicorp_nomad1.3.0 — 1.3.6+1

🔴Vulnerability Details

OSV

Nomad Panics On Job Submission With Bad Artifact Stanza Source URL in github.com/hashicorp/nomad↗2024-08-21

▶

OSV

Nomad Panics On Job Submission With Bad Artifact Stanza Source URL↗2022-10-12

▶

GHSA

Nomad Panics On Job Submission With Bad Artifact Stanza Source URL↗2022-10-12

▶

OSV

CVE-2022-41606: HashiCorp Nomad and Nomad Enterprise 1↗2022-10-12

▶

CVEList

CVE-2022-41606: HashiCorp Nomad and Nomad Enterprise 1↗2022-10-11

▶