CVE-2022-30324

EUVD-2022-5928
HashiCorp Nomad and Nomad Enterprise version 0.2.0 up to 1.3.0 were impacted by go-getter vulnerabilities enabling privilege escalation through the artifact stanza in submitted jobs onto the client agent host. Fixed in 1.1.14, 1.2.8, and 1.3.1.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 61%
Affected Products (NVD)
VendorProductVersion
hashicorpnomad
0.2.0 ≤
𝑥
< 1.1.14
hashicorpnomad
0.2.0 ≤
𝑥
< 1.1.14
hashicorpnomad
1.2.0 ≤
𝑥
< 1.2.8
hashicorpnomad
1.2.0 ≤
𝑥
< 1.2.8
hashicorpnomad
1.3.0
hashicorpnomad
1.3.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
nomad
bionic
needs-triage
focal
needs-triage
References
https://discuss.hashicorp.com
https://discuss.hashicorp.com/t/hcsec-2022-14-nomad-impacted-by-go-getter-vulnerabilities/39932
https://discuss.hashicorp.com
https://discuss.hashicorp.com/t/hcsec-2022-14-nomad-impacted-by-go-getter-vulnerabilities/39932