CVE-2024-6717

Source
https://cve.org/CVERecord?id=CVE-2024-6717
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-6717.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-6717
Aliases
Downstream
Related
Published
2024-07-23T00:16:20.955Z
Modified
2026-07-08T07:57:53.163167008Z
Severity
  • 7.7 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N CVSS Calculator
Summary
Nomad Vulnerable to Allocation Directory Path Escape Through Archive Unpacking
Details

HashiCorp Nomad and Nomad Enterprise 1.6.12 up to 1.7.9, and 1.8.1 archive unpacking during migration is vulnerable to path escaping of the allocation directory. This vulnerability, CVE-2024-6717, is fixed in Nomad 1.6.13, 1.7.10, and 1.8.2.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/6xxx/CVE-2024-6717.json",
    "cna_assigner": "HashiCorp",
    "cwe_ids": [
        "CWE-610"
    ]
}
References

Affected packages

Git / github.com/hashicorp/nomad

Affected ranges

Type
GIT
Repo
https://github.com/hashicorp/nomad
Events
Database specific
{
    "source": [
        "CPE_RANGE",
        "CPE_STRING"
    ],
    "cpe": [
        "cpe:2.3:a:hashicorp:nomad:*:*:*:*:-:*:*:*",
        "cpe:2.3:a:hashicorp:nomad:*:*:*:*:enterprise:*:*:*",
        "cpe:2.3:a:hashicorp:nomad:1.6.12:*:*:*:-:*:*:*",
        "cpe:2.3:a:hashicorp:nomad:1.6.12:*:*:*:enterprise:*:*:*",
        "cpe:2.3:a:hashicorp:nomad:1.8.1:*:*:*:-:*:*:*",
        "cpe:2.3:a:hashicorp:nomad:1.8.1:*:*:*:enterprise:*:*:*"
    ],
    "extracted_events": [
        {
            "introduced": "1.7.0"
        },
        {
            "fixed": "1.7.10"
        },
        {
            "introduced": "1.6.12"
        },
        {
            "last_affected": "1.6.12"
        },
        {
            "introduced": "1.8.1"
        },
        {
            "last_affected": "1.8.1"
        }
    ]
}

Affected versions

1.*
1.6.12
1.8.1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-6717.json"