CVE-2024-6717
published 2024-07-23CVE-2024-6717: HashiCorp Nomad and Nomad Enterprise 1.6.12 up to 1.7.9, and 1.8.1 archive unpacking during migration is vulnerable to path escaping of the allocation…
PriorityP346high8.6CVSS 3.1
AVNACLPRNUINSCCNIHAN
EPSS
0.39%
30.7th percentile
HashiCorp Nomad and Nomad Enterprise 1.6.12 up to 1.7.9, and 1.8.1 archive unpacking during migration is vulnerable to path escaping of the allocation directory. This vulnerability, CVE-2024-6717, is fixed in Nomad 1.6.13, 1.7.10, and 1.8.2.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | hashicorp_nomad | >= 0 < 1.11.1 | 1.11.1 |
| github.com | hashicorp_nomad | >= 0 < 1.8.2 | 1.8.2 |
| hashicorp | nomad | < 1.8.2 | 1.8.2 |
| hashicorp | nomad | — | — |
| hashicorp | nomad | — | — |
| hashicorp | nomad | >= 1.7.0 < 1.7.10 | 1.7.10 |
| hashicorp | nomad_enterprise | < 1.8.2 | 1.8.2 |
CVSS provenance
nvdv3.18.6HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
ghsa8.6HIGH
osv8.6HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
HashiCorp Nomad is vulnerable to path escape through archive unpacking during migration in github.com/hashicorp/nomad
osv·2026-01-12
CVE-2024-6717 HashiCorp Nomad is vulnerable to path escape through archive unpacking during migration in github.com/hashicorp/nomad
HashiCorp Nomad is vulnerable to path escape through archive unpacking during migration in github.com/hashicorp/nomad
HashiCorp Nomad is vulnerable to path escape through archive unpacking during migration in github.com/hashicorp/nomad
OSV
HashiCorp Nomad is vulnerable to path escape through archive unpacking during migration
osv·2024-07-23·CVSS 8.6
CVE-2024-6717 [HIGH] HashiCorp Nomad is vulnerable to path escape through archive unpacking during migration
HashiCorp Nomad is vulnerable to path escape through archive unpacking during migration
HashiCorp Nomad and Nomad Enterprise 1.6.12 up to 1.7.9, and 1.8.1 archive unpacking during migration is vulnerable to path escaping of the allocation directory. This vulnerability, CVE-2024-6717, is fixed in Nomad 1.6.13, 1.7.10, and 1.8.2.
GHSA
HashiCorp Nomad is vulnerable to path escape through archive unpacking during migration
ghsa·2024-07-23·CVSS 8.6
CVE-2024-6717 [HIGH] CWE-610 HashiCorp Nomad is vulnerable to path escape through archive unpacking during migration
HashiCorp Nomad is vulnerable to path escape through archive unpacking during migration
HashiCorp Nomad and Nomad Enterprise 1.6.12 up to 1.7.9, and 1.8.1 archive unpacking during migration is vulnerable to path escaping of the allocation directory. This vulnerability, CVE-2024-6717, is fixed in Nomad 1.6.13, 1.7.10, and 1.8.2.
OSV
CVE-2024-6717: HashiCorp Nomad and Nomad Enterprise 1
osv·2024-07-23·CVSS 8.6
CVE-2024-6717 [HIGH] CVE-2024-6717: HashiCorp Nomad and Nomad Enterprise 1
HashiCorp Nomad and Nomad Enterprise 1.6.12 up to 1.7.9, and 1.8.1 archive unpacking during migration is vulnerable to path escaping of the allocation directory. This vulnerability, CVE-2024-6717, is fixed in Nomad 1.6.13, 1.7.10, and 1.8.2.
No detection rules found.
No public exploits indexed.
2024-07-23
Published