Skip to main content

Externally Controlled Reference to a Resource in Another Sphere

CVE-2024-1329

Severity High
Score 7.5/10

Summary

HashiCorp Nomad and Nomad Enterprise versions 1.5.13, 1.6.0-beta.1 through 1.6.6, and 1.7.3 template renderer is vulnerable to arbitrary file write on the host as the Nomad client user through symlink attacks.

  • LOW
  • NETWORK
  • HIGH
  • UNCHANGED
  • NONE
  • NONE
  • NONE
  • NONE

CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.

Advisory Timeline

  • Published