x/vulndb: potential Go vuln in github.com/hashicorp/nomad: GHSA-526x-rm7j-v389 #732

Closed
@julieqiu

In GitHub Security Advisory GHSA-526x-rm7j-v389, there is a vulnerability in the following Go packages or modules:

| Unit | Fixed | Vulnerable Ranges |
| --- | --- | --- |
| github.com/hashicorp/nomad | 1.3.1 | >= 1.3.0, < 1.3.1 |

See doc/triage.md for instructions on how to triage this report.

packages:
  - package: github.com/hashicorp/nomad
    versions:
      - introduced: 1.3.0
        fixed: 1.3.1
  - package: github.com/hashicorp/nomad
    versions:
      - introduced: 1.2.0
        fixed: 1.2.8
  - package: github.com/hashicorp/nomad
    versions:
      - introduced: 0.2.0
        fixed: 1.1.14
description: HashiCorp Nomad and Nomad Enterprise version 0.2.0 up to 1.3.0 were impacted
    by go-getter vulnerabilities enabling privilege escalation through the artifact
    stanza in submitted jobs onto the client agent host. Fixed in 1.1.14, 1.2.8, and
    1.3.1.
published: 2022-06-03T00:01:07Z
last_modified: 2022-06-14T20:05:49Z
cves:
  - CVE-2022-30324
ghsas:
  - GHSA-526x-rm7j-v389
links:
    context:
      - https://github.com/advisories/GHSA-526x-rm7j-v389

Labels

excluded: NOT_IMPORTABLE (This vulnerability only exists in a binary and is not importable.)
