x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-c866-8gpw-p3mv #2538
Description
In GitHub Security Advisory GHSA-c866-8gpw-p3mv, there is a vulnerability in the following Go packages or modules:
| Unit | Fixed | Vulnerable Ranges |
|---|---|---|
| github.com/hashicorp/nomad | 1.7.4 | = 1.7.3 |
Cross references:
- Module github.com/hashicorp/nomad appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-6jm6-cmcp-fqjq #560 EFFECTIVELY_PRIVATE
- Module github.com/hashicorp/nomad appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-2jhh-5xm2-j4gf #573 EFFECTIVELY_PRIVATE
- Module github.com/hashicorp/nomad appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-3382-r9q8-4hfg #577 EFFECTIVELY_PRIVATE
- Module github.com/hashicorp/nomad appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-wmrx-57hm-mw7r #584 EFFECTIVELY_PRIVATE
- Module github.com/hashicorp/nomad appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-c8x3-rg72-fwwg #591 EFFECTIVELY_PRIVATE
- Module github.com/hashicorp/nomad appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-gwmc-6795-qghj #600 EFFECTIVELY_PRIVATE
- Module github.com/hashicorp/nomad appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-35qp-xq9f-2rjx #622 EFFECTIVELY_PRIVATE
- Module github.com/hashicorp/nomad appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/nomad/client/allocrunner/taskrunner/template: GHSA-6hv3-7c34-4hx8 #634 EFFECTIVELY_PRIVATE
- Module github.com/hashicorp/nomad appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-vf6q-9f2f-mwhv #709 NOT_IMPORTABLE
- Module github.com/hashicorp/nomad appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-526x-rm7j-v389 #732 NOT_IMPORTABLE
- Module github.com/hashicorp/nomad appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/nomad/client/allocrunner/taskrunner/template: GHSA-77cr-6gr8-7rr9 #806 NOT_IMPORTABLE
- Module github.com/hashicorp/nomad appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-cj2h-ww36-v932 #821 NOT_IMPORTABLE
- Module github.com/hashicorp/nomad appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/nomad/command/agent: GHSA-h43v-26r7-7j4c #840 NOT_IMPORTABLE
- Module github.com/hashicorp/nomad appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-7v3g-4878-5qrf #1062 EFFECTIVELY_PRIVATE
- Module github.com/hashicorp/nomad appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-7wg4-8m5p-hrfg #1105 EFFECTIVELY_PRIVATE
- Module github.com/hashicorp/nomad appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-9fmc-5fq4-5jwh #1106 EFFECTIVELY_PRIVATE
- Module github.com/hashicorp/nomad appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-w479-w22g-cffh #1581 EFFECTIVELY_PRIVATE
- Module github.com/hashicorp/nomad appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-rqm8-q8j9-662f #1633 EFFECTIVELY_PRIVATE
- Module github.com/hashicorp/nomad appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-f8r8-h93m-mj77 #1707 EFFECTIVELY_PRIVATE
- Module github.com/hashicorp/nomad appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-hhvx-8755-4cvw #1899 EFFECTIVELY_PRIVATE
- Module github.com/hashicorp/nomad appears in issue x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-2w2v-xcr9-mj4m #1928 EFFECTIVELY_PRIVATE
See doc/triage.md for instructions on how to triage this report.
modules:
- module: github.com/hashicorp/nomad
versions:
- introduced: TODO (earliest fixed "1.7.4", vuln range "= 1.7.3")
packages:
- package: github.com/hashicorp/nomad
- module: github.com/hashicorp/nomad
versions:
- introduced: TODO (earliest fixed "1.6.7", vuln range ">= 1.6.0, <= 1.6.6")
packages:
- package: github.com/hashicorp/nomad
- module: github.com/hashicorp/nomad
versions:
- introduced: TODO (earliest fixed "1.5.14", vuln range "= 1.5.13")
packages:
- package: github.com/hashicorp/nomad
summary: HashiCorp Nomad vulnerable to symlink attacks
cves:
- CVE-2024-1329
ghsas:
- GHSA-c866-8gpw-p3mv
references:
- web: https://nvd.nist.gov/vuln/detail/CVE-2024-1329
- web: https://discuss.hashicorp.com/t/hcsec-2024-03-nomad-vulnerable-to-arbitrary-write-through-symlink-attack
- report: https://github.com/hashicorp/nomad/issues/19888
- fix: https://github.com/hashicorp/nomad/commit/b3209cbc6921e703b0e9984ce70c10b378665834
- fix: https://github.com/hashicorp/nomad/commit/d1721c7a6fc1833778086603f818a822a34f445a
- fix: https://github.com/hashicorp/nomad/commit/de55da677a21ac7572c0f4a8cd9abd5473c47a70
- advisory: https://github.com/advisories/GHSA-c866-8gpw-p3mv
Metadata
Metadata
Assignees
Labels
No labels