Externally Controlled Reference to a Resource in Another Sphere

CVE-2024-6717

High

8.6/10

Summary

In HashiCorp Nomad and Nomad Enterprise archive unpacking during migration is vulnerable to path escaping of the allocation directory. This vulnerability affects github.com/hashicorp/nomad package versions through 1.6.12, 1.7.0-beta.1 through 1.7.9, and 1.8.0-beta.1 through 1.8.1.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: CHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: NONE

CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.

References

Advisory
Advisory
Advisory
Pull request
Release Note

Advisory Timeline

Published Jul 23, 2024

Externally Controlled Reference to a Resource in Another Sphere

CVE-2024-6717

Summary

CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS