CVE-2024-7625

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-7625
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-7625.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-7625
Published
2024-08-15T00:15:13.127Z
Modified
2025-12-31T10:10:23.013737Z
Severity
  • 5.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N
Summary
[none]
Details

In HashiCorp Nomad and Nomad Enterprise from 0.6.1 up to 1.6.13, 1.7.10, and 1.8.2, the archive unpacking process is vulnerable to writes outside the allocation directory during migration of allocation directories when multiple archive headers target the same file. This vulnerability, CVE-2024-7625, is fixed in Nomad 1.6.14, 1.7.11, and 1.8.3. Leveraging this vulnerability requires prior access to, or compromise of, the Nomad client agent at the source allocation.

Affected packages

Git / github.com/hashicorp/nomad

Affected ranges

Type
GIT
Repo
https://github.com/hashicorp/nomad

Affected versions

ent-changelog-1.*

ent-changelog-1.6.11
ent-changelog-1.6.12

v0.*

v0.10.0
v0.10.0-beta1
v0.10.0-rc1
v0.10.1
v0.10.2
v0.10.2-rc1
v0.11.2
v0.12.0
v0.12.0-rc1
v0.12.1
v0.12.2
v0.12.3
v0.12.4
v0.12.4-rc1
v0.6.1
v0.6.2
v0.6.3-rc1
v0.7.0
v0.7.0-rc1
v0.7.0-rc2
v0.7.0-rc3
v0.7.1
v0.7.1+pro
v0.7.1-rc1
v0.7.1-rc1+pro
v0.8.0
v0.8.0+pro
v0.8.0-rc1
v0.8.0-rc1+pro
v0.8.2
v0.8.3
v0.8.4
v0.8.4-rc1
v0.9.0
v0.9.0-beta1
v0.9.0-beta2
v0.9.0-beta3
v0.9.0-rc1
v0.9.0-rc2
v0.9.2
v0.9.2-rc1
v0.9.3
v0.9.4
v0.9.4-rc1

v1.*

v1.0.2
v1.0.3
v1.1.0
v1.1.0-rc1
v1.1.2
v1.1.3
v1.2.0
v1.2.1
v1.2.2
v1.2.3
v1.2.4
v1.2.5
v1.2.6
v1.3.0-beta.1
v1.4.0-beta.1
v1.5.0-beta.1
v1.6.0
v1.6.0-rc.1
v1.6.1
v1.6.10
v1.6.2
v1.6.3
v1.6.4
v1.6.5
v1.6.6
v1.6.7
v1.6.8
v1.6.9
