Closed
Description
In GitHub Security Advisory GHSA-wmrx-57hm-mw7r, there is a vulnerability in the following Go packages or modules:
| Unit | Fixed | Vulnerable Ranges |
|---|---|---|
| github.com/hashicorp/nomad | 1.2.6 | >= 1.2.0, < 1.2.6 |
See doc/triage.md for instructions on how to triage this report.
packages:
- package: github.com/hashicorp/nomad
versions:
- introduced: 1.2.0
fixed: 1.2.6
- package: github.com/hashicorp/nomad
versions:
- introduced: 1.1.0
fixed: 1.1.12
- package: github.com/hashicorp/nomad
versions:
- introduced: 0.9.2
fixed: 1.0.18
description: Nomad is an easy-to-use, flexible, and performant workload orchestrator
that can deploy a mix of microservice, batch, containerized, and non-containerized
applications. HashiCorp Nomad and Nomad Enterprise 0.9.2 through 1.0.17, 1.1.11,
and 1.2.5 allow operators with read-fs and alloc-exec (or job-submit) capabilities
to read arbitrary files on the host filesystem as root. There are currently no
known workarounds. Users are recommended to upgrade as soon as possible to avoid
this issue.
published: 2022-02-18T00:00:34Z
last_modified: 2022-03-24T22:47:40Z
cves:
- CVE-2022-24683
ghsas:
- GHSA-wmrx-57hm-mw7r
links:
context:
- https://github.com/advisories/GHSA-wmrx-57hm-mw7r