CVE-2022-30324

HashiCorp Nomad and Nomad Enterprise version 0.2.0 up to 1.3.0 were impacted by go-getter vulnerabilities enabling privilege escalation through the artifact stanza in submitted jobs onto the client agent host. Fixed in 1.1.14, 1.2.8, and 1.3.1.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 83%
VendorProductVersion
hashicorpnomad
0.2.0 ≤
𝑥
< 1.1.14
hashicorpnomad
0.2.0 ≤
𝑥
< 1.1.14
hashicorpnomad
1.2.0 ≤
𝑥
< 1.2.8
hashicorpnomad
1.2.0 ≤
𝑥
< 1.2.8
hashicorpnomad
1.3.0
hashicorpnomad
1.3.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
nomad
focal
needs-triage
bionic
needs-triage
References
https://discuss.hashicorp.com
https://discuss.hashicorp.com/t/hcsec-2022-14-nomad-impacted-by-go-getter-vulnerabilities/39932
https://discuss.hashicorp.com
https://discuss.hashicorp.com/t/hcsec-2022-14-nomad-impacted-by-go-getter-vulnerabilities/39932