Incorrect Privilege Assignment

CVE-2022-30324

Severity High
Score 9.8/10

Summary

HashiCorp Nomad and Nomad Enterprise versions 0.2.0 through 1.1.13, 1.2.0-beta1 through 1.2.7, and 1.3.0-beta.1 through 1.3.0 were impacted by go-getter vulnerabilities that enable privilege escalation onto the client agent host through the artifact stanza in submitted jobs. This vulnerability is fixed in versions 1.1.14, 1.2.8 and 1.3.1.

  • LOW
  • NETWORK
  • HIGH
  • UNCHANGED
  • NONE
  • NONE
  • HIGH
  • HIGH

CWE-266 - Incorrect Privilege Assignment

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

Advisory Timeline

  • Published