CVE-2024-1329

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-1329

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-1329.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-1329

Aliases

Related

UBUNTU-CVE-2024-1329

Published

2024-02-08T20:15:52Z

Modified

2024-10-07T23:30:57Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

HashiCorp Nomad and Nomad Enterprise 1.5.13 up to 1.6.6, and 1.7.3 template renderer is vulnerable to arbitrary file write on the host as the Nomad client user through symlink attacks. This vulnerability, CVE-2024-1329, is fixed in Nomad 1.7.4, 1.6.7, and 1.5.14.

References

https://discuss.hashicorp.com/t/hcsec-2024-03-nomad-vulnerable-to-arbitrary-write-through-symlink-attack

Affected packages

Git / github.com/hashicorp/nomad

Affected ranges

Type: GIT
Repo: https://github.com/hashicorp/nomad
Events: Introduced

bc8ad5174a38919ecadd5d76fa5296e160109622

Fixed

bfc6801b835b5d16e72ebd1957ae1cb5e9b4a836