HashiCorp Nomad and Nomad Enterprise version 0.2.0 up to 1.3.0 were impacted by go-getter vulnerabilities enabling privilege escalation through the artifact stanza in submitted jobs onto the client agent host. Fixed in 1.1.14, 1.2.8, and 1.3.1.
2022-06-02T14:15:52.623
2024-11-21T07:02:35.193
Modified
CVSSv3.1: 9.8 (CRITICAL)
AV:N/AC:L/Au:N/C:P/I:P/A:P
10.0
6.4
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Application | hashicorp | nomad | < 1.1.14 | Yes |
Application | hashicorp | nomad | < 1.1.14 | Yes |
Application | hashicorp | nomad | < 1.2.8 | Yes |
Application | hashicorp | nomad | < 1.2.8 | Yes |
Application | hashicorp | nomad | 1.3.0 | Yes |
Application | hashicorp | nomad | 1.3.0 | Yes |