cbcvebase.
CVE-2024-10975
published 2024-11-07

CVE-2024-10975: Nomad Community and Nomad Enterprise ("Nomad") volume specification is vulnerable to arbitrary cross-namespace volume creation through unauthorized Container…

PriorityP343high7.7CVSS 3.1
AVNACLPRLUINSCCNIHAN
EPSS
0.46%
36.3th percentile
Nomad Community and Nomad Enterprise ("Nomad") volume specification is vulnerable to arbitrary cross-namespace volume creation through unauthorized Container Storage Interface (CSI) volume writes. This vulnerability, identified as CVE-2024-10975, is fixed in Nomad Community Edition 1.9.2 and Nomad Enterprise 1.9.2, 1.8.7, and 1.7.15.

Affected

7 ranges
VendorProductVersion rangeFixed in
github.comhashicorp_nomad>= 0 < 1.9.21.9.2
github.comhashicorp_nomad0 – 1.9.1
hashicorpnomad>= 1.3.0 < 1.7.151.7.15
hashicorpnomad>= 1.3.0 < 1.9.21.9.2
hashicorpnomad>= 1.8.0 < 1.8.71.8.7
hashicorpnomad>= 1.9.0 < 1.9.21.9.2
hashicorpnomad_enterprise>= 1.3.0 < 1.9.21.9.2

CVSS provenance

nvdv3.17.7HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
ghsa7.7HIGH
osv7.7HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.