Lucene search

K
githubGitHub Advisory DatabaseGHSA-W479-W22G-CFFH
HistoryFeb 17, 2023 - 12:30 a.m.

Uncontrolled Resource Consumption in Hashicorp Nomad

2023-02-1700:30:28
CWE-400
GitHub Advisory Database
github.com
7
hashicorp
nomad
enterprise
1.2.15
1.3.8
1.4.3
maliciously compressed artifact
excessive disk usage
fixed
1.2.16
1.3.9
1.4.4
software

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

31.6%

HashiCorp Nomad and Nomad Enterprise 1.2.15 up to 1.3.8, and 1.4.3 jobs using a maliciously compressed artifact stanza source can cause excessive disk usage. Fixed in 1.2.16, 1.3.9, and 1.4.4.

Affected configurations

Vulners
Node
github_advisory_databasegithub.com\/hashicorp\/nomadRange<1.4.4
OR
github_advisory_databasegithub.com\/hashicorp\/nomadRange<1.3.9
OR
github_advisory_databasegithub.com\/hashicorp\/nomadRange<1.2.16

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

31.6%