Nomad Archive Unpack Path Escaping CVE-2024-6717 (Alloc Dir)
CVE-2024-6717 Published on July 23, 2024
Nomad Vulnerable to Allocation Directory Path Escape Through Archive Unpacking
In HashiCorp Nomad and Nomad Enterprise 1.6.12 up to 1.7.9, and 1.8.1, archive unpacking during migration is vulnerable to path escaping of the allocation directory. This vulnerability, CVE-2024-6717, is fixed in Nomad 1.6.13, 1.7.10, and 1.8.2.
Weakness Type
Externally Controlled Reference to a Resource in Another Sphere
The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.
Products Associated with CVE-2024-6717
Affected Versions
HashiCorp Nomad:
- Before 1.8.2 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.