CVE-2022-30324

HashiCorp Nomad and Nomad Enterprise version 0.2.0 up to 1.3.0 were impacted by go-getter vulnerabilities enabling privilege escalation through the artifact stanza in submitted jobs onto the client agent host. Fixed in 1.1.14, 1.2.8, and 1.3.1.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
hashicorpnomad
0.2.0 ≤
𝑥
< 1.1.14
hashicorpnomad
0.2.0 ≤
𝑥
< 1.1.14
hashicorpnomad
1.2.0 ≤
𝑥
< 1.2.8
hashicorpnomad
1.2.0 ≤
𝑥
< 1.2.8
hashicorpnomad
1.3.0
hashicorpnomad
1.3.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
nomad
bionic
needs-triage
focal
needs-triage
References
https://discuss.hashicorp.com
https://discuss.hashicorp.com/t/hcsec-2022-14-nomad-impacted-by-go-getter-vulnerabilities/39932
https://discuss.hashicorp.com
https://discuss.hashicorp.com/t/hcsec-2022-14-nomad-impacted-by-go-getter-vulnerabilities/39932