Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2024-7625
HistoryAug 15, 2024 - 12:15 a.m.

CVE-2024-7625

2024-08-1500:15:13
CWE-610
[email protected]
web.nvd.nist.gov
4
cve-2024-7625
hashicorp nomad
nomad enterprise
archive unpacking
vulnerability
allocation directories
migration
access compromise

CVSS3

5.8

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N

EPSS

0

Percentile

9.5%

JSON

In HashiCorp Nomad and Nomad Enterprise from 0.6.1 up to 1.16.13, 1.7.10, and 1.8.2, the archive unpacking process is vulnerable to writes outside the allocation directory during migration of allocation directories when multiple archive headers target the same file. This vulnerability, CVE-2024-7625, is fixed in Nomad 1.6.14, 1.7.11, and 1.8.3. Access or compromise of the Nomad client agent at the source allocation first is a prerequisite for leveraging this vulnerability.

Related

veracode 1
ubuntucve 1
github 1
osv 2
cvelist 1
cve 1
vulnrichment 1
redos 1
veracode
veracode
Path Traversal
2024-08-16 09:24:31
ubuntucve
ubuntucve
CVE-2024-7625
2024-08-15 00:00:00
github
github
Nomad Vulnerable to Allocation Directory Escape On Non-Existing File Paths Through Archive Unpacking
2024-08-15 00:30:59
osv
osv
Nomad Vulnerable to Allocation Directory Escape On Non-Existing File Paths Through Archive Unpacking in github.com/hashicorp/nomad
2024-08-19 17:26:34
Nomad Vulnerable to Allocation Directory Escape On Non-Existing File Paths Through Archive Unpacking
2024-08-15 00:30:59
cvelist
cvelist
CVE-2024-7625 Nomad Vulnerable to Allocation Directory Escape On Non-Existing File Paths Through Archive Unpacking
2024-08-14 23:20:17
cve
cve
CVE-2024-7625
2024-08-15 00:15:13
vulnrichment
vulnrichment
CVE-2024-7625 Nomad Vulnerable to Allocation Directory Escape On Non-Existing File Paths Through Archive Unpacking
2024-08-14 23:20:17
redos
redos
ROS-20240910-05
2024-09-10 00:00:00

CVSS3

5.8

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N

EPSS

0

Percentile

9.5%

JSON
Related for NVD:CVE-2024-7625
veracode1ubuntucve1github1osv2cvelist1cve1vulnrichment1redos1