CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-6717

HashiCorp Nomad and Nomad Enterprise 1.6.12 up to 1.7.9, and 1.8.1 archive unpacking during migration is vulnerable to path escaping of the allocation directory. This vulnerability, CVE-2024-6717, is fixed in Nomad 1.6.13, 1.7.10, and 1.8.2.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 63.3%

CVSS Severity

CVSS v3 Score 7.7

References

https://discuss.hashicorp.com/t/hcsec-2024-15-nomad-vulnerable-to-allocation-directory-path-escape-through-archive-unpacking/68781
https://discuss.hashicorp.com/t/hcsec-2024-15-nomad-vulnerable-to-allocation-directory-path-escape-through-archive-unpacking/68781

Products affected by CVE-2024-6717

Hashicorp » Nomad » Version: 1.6.12

cpe:2.3:a:hashicorp:nomad:1.6.12
Hashicorp » Nomad » Version: 1.7.0

cpe:2.3:a:hashicorp:nomad:1.7.0
Hashicorp » Nomad » Version: 1.7.3.

cpe:2.3:a:hashicorp:nomad:1.7.3.
Hashicorp » Nomad » Version: 1.7.4

cpe:2.3:a:hashicorp:nomad:1.7.4
Hashicorp » Nomad » Version: 1.7.8

cpe:2.3:a:hashicorp:nomad:1.7.8
Hashicorp » Nomad » Version: 1.7.9

cpe:2.3:a:hashicorp:nomad:1.7.9
Hashicorp » Nomad » Version: 1.8.1

cpe:2.3:a:hashicorp:nomad:1.8.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-6717

Products

Pricing

Contact Us