GHSA-5x92-p4p5-33c4

Source

https://github.com/advisories/GHSA-5x92-p4p5-33c4

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-5x92-p4p5-33c4/GHSA-5x92-p4p5-33c4.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-5x92-p4p5-33c4

Aliases

Published

2022-02-15T01:57:18Z

Modified

2024-08-21T15:41:48.898299Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

Path Traversal in HashiCorp Nomad

Details

HashiCorp Nomad and Nomad Enterprise 0.9.0 up to 0.12.7 client Docker file sandbox feature (github.com/hashicorp/nomad/drivers/docker) may be subverted when not explicitly disabled or when using a volume mount type. Fixed in 0.12.8, 0.11.7, and 0.10.8.

Database specific

{
    "nvd_published_at": null,
    "github_reviewed": true,
    "github_reviewed_at": "2021-05-12T21:53:03Z",
    "severity": "MODERATE",
    "cwe_ids": [
        "CWE-22"
    ]
}

References

Affected packages

Go / github.com/hashicorp/nomad

Package

Name: github.com/hashicorp/nomad; View open source insights on deps.dev
Purl: pkg:golang/github.com/hashicorp/nomad

Affected ranges

Type: SEMVER
Events: Introduced

0.9.0

Fixed

0.10.8

Go / github.com/hashicorp/nomad

Package

Name: github.com/hashicorp/nomad; View open source insights on deps.dev
Purl: pkg:golang/github.com/hashicorp/nomad

Affected ranges

Type: SEMVER
Events: Introduced

0.11.0-beta1

Fixed

0.11.7

Go / github.com/hashicorp/nomad

Package

Name: github.com/hashicorp/nomad; View open source insights on deps.dev
Purl: pkg:golang/github.com/hashicorp/nomad

Affected ranges

Type: SEMVER
Events: Introduced

0.12.0-beta1

Fixed

0.12.8