Lucene search
K

301 matches found

Veracode
Veracode
added 2024/08/16 9:24 a.m.10 views

Path Traversal

github.com/hashicorp/nomad is vulnerable to path traversal. The vulnerability is due to there is no proper validation / sanitization during archive unpacking, which allows attackers to craft malicious archives that can write files outside the intended allocation directory...

5.8CVSS6.6AI score0.00333EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2024/08/15 12:30 a.m.8 views

GHSA-25QX-VFW2-FW8R Nomad Vulnerable to Allocation Directory Escape On Non-Existing File Paths Through Archive Unpacking

In HashiCorp Nomad and Nomad Enterprise from 0.6.1 up to 1.6.13, 1.7.10, and 1.8.2, the archive unpacking process is vulnerable to writes outside the allocation directory during migration of allocation directories when multiple archive headers target the same file. This vulnerability,...

5.8CVSS5.3AI score0.00333EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2024/08/15 12:30 a.m.21 views

Nomad Vulnerable to Allocation Directory Escape On Non-Existing File Paths Through Archive Unpacking

In HashiCorp Nomad and Nomad Enterprise from 0.6.1 up to 1.6.13, 1.7.10, and 1.8.2, the archive unpacking process is vulnerable to writes outside the allocation directory during migration of allocation directories when multiple archive headers target the same file. This vulnerability,...

5.8CVSS5.3AI score0.00333EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2024/08/15 12:15 a.m.32 views

CVE-2024-7625

In HashiCorp Nomad and Nomad Enterprise from 0.6.1 up to 1.6.13, 1.7.10, and 1.8.2, the archive unpacking process is vulnerable to writes outside the allocation directory during migration of allocation directories when multiple archive headers target the same file. This vulnerability,...

5.8CVSS0.00333EPSS
Exploits0References1
OSV
OSV
added 2024/08/15 12:15 a.m.5 views

UBUNTU-CVE-2024-7625

In HashiCorp Nomad and Nomad Enterprise from 0.6.1 up to 1.6.13, 1.7.10, and 1.8.2, the archive unpacking process is vulnerable to writes outside the allocation directory during migration of allocation directories when multiple archive headers target the same file. This vulnerability,...

5.8CVSS5.8AI score0.00333EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2024/08/15 12:0 a.m.14 views

CVE-2024-7625

In HashiCorp Nomad and Nomad Enterprise from 0.6.1 up to 1.6.13, 1.7.10, and 1.8.2, the archive unpacking process is vulnerable to writes outside the allocation directory during migration of allocation directories when multiple archive headers target the same file. This vulnerability,...

5.8CVSS5.8AI score0.00333EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/08/14 11:20 p.m.16 views

CVE-2024-7625 Nomad Vulnerable to Allocation Directory Escape On Non-Existing File Paths Through Archive Unpacking

In HashiCorp Nomad and Nomad Enterprise from 0.6.1 up to 1.6.13, 1.7.10, and 1.8.2, the archive unpacking process is vulnerable to writes outside the allocation directory during migration of allocation directories when multiple archive headers target the same file. This vulnerability,...

5.8CVSS5.4AI score0.00333EPSS
Exploits0References1
CVE
CVE
added 2024/08/14 11:20 p.m.55 views

CVE-2024-7625

Vulnerability summary (CVE-2024-7625) : HashiCorp Nomad and Nomad Enterprise prior to fixed versions are affected by an archive-unpacking bug that allows writes outside the allocation directory during migration when multiple archive headers target the same file. A prerequisite is access or compro...

5.8CVSS5.4AI score0.00333EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/08/14 11:20 p.m.42 views

CVE-2024-7625 Nomad Vulnerable to Allocation Directory Escape On Non-Existing File Paths Through Archive Unpacking

In HashiCorp Nomad and Nomad Enterprise from 0.6.1 up to 1.6.13, 1.7.10, and 1.8.2, the archive unpacking process is vulnerable to writes outside the allocation directory during migration of allocation directories when multiple archive headers target the same file. This vulnerability,...

5.8CVSS0.00333EPSS
Exploits0References1
OSV
OSV
added 2024/08/14 11:20 p.m.6 views

CVE-2024-7625 Nomad Vulnerable to Allocation Directory Escape On Non-Existing File Paths Through Archive Unpacking

In HashiCorp Nomad and Nomad Enterprise from 0.6.1 up to 1.6.13, 1.7.10, and 1.8.2, the archive unpacking process is vulnerable to writes outside the allocation directory during migration of allocation directories when multiple archive headers target the same file. This vulnerability,...

5.8CVSS6.2AI score0.00333EPSS
Exploits0References4
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2024/08/14 11:17 p.m.6 views

Nomad Vulnerable to Allocation Directory Escape On Non-Existing File Paths Through Archive Unpacking

Summary In HashiCorp Nomad and Nomad Enterprise from 0.6.1 up to 1.6.13, 1.7.10, and 1.8.2, the archive unpacking process is vulnerable to writes outside the allocation directory during migration of allocation directories when multiple archive headers target the same file. This vulnerability,...

5.8CVSS6.3AI score0.00333EPSS
Exploits0Affected Software1
OSV
OSV
added 2024/07/23 3:30 a.m.4 views

GHSA-5MQX-RPXV-MVXJ HashiCorp Nomad is vulnerable to path escape through archive unpacking during migration

HashiCorp Nomad and Nomad Enterprise 1.6.12 up to 1.7.9, and 1.8.1 archive unpacking during migration is vulnerable to path escaping of the allocation directory. This vulnerability, CVE-2024-6717, is fixed in Nomad 1.6.13, 1.7.10, and 1.8.2...

7.7CVSS5.2AI score0.00388EPSS
Exploits0References5
OSV
OSV
added 2024/07/23 1:15 a.m.9 views

UBUNTU-CVE-2024-6717

HashiCorp Nomad and Nomad Enterprise 1.6.12 up to 1.7.9, and 1.8.1 archive unpacking during migration is vulnerable to path escaping of the allocation directory. This vulnerability, CVE-2024-6717, is fixed in Nomad 1.6.13, 1.7.10, and 1.8.2...

8.6CVSS5.7AI score0.00388EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/07/23 12:16 a.m.13 views

CVE-2024-6717 Nomad Vulnerable to Allocation Directory Path Escape Through Archive Unpacking

HashiCorp Nomad and Nomad Enterprise 1.6.12 up to 1.7.9, and 1.8.1 archive unpacking during migration is vulnerable to path escaping of the allocation directory. This vulnerability, CVE-2024-6717, is fixed in Nomad 1.6.13, 1.7.10, and 1.8.2...

7.7CVSS6.7AI score0.00388EPSS
Exploits0References1
OSV
OSV
added 2024/07/23 12:16 a.m.10 views

CVE-2024-6717 Nomad Vulnerable to Allocation Directory Path Escape Through Archive Unpacking

HashiCorp Nomad and Nomad Enterprise 1.6.12 up to 1.7.9, and 1.8.1 archive unpacking during migration is vulnerable to path escaping of the allocation directory. This vulnerability, CVE-2024-6717, is fixed in Nomad 1.6.13, 1.7.10, and 1.8.2...

7.7CVSS6.2AI score0.00388EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2024/07/23 12:0 a.m.12 views

CVE-2024-6717

HashiCorp Nomad and Nomad Enterprise 1.6.12 up to 1.7.9, and 1.8.1 archive unpacking during migration is vulnerable to path escaping of the allocation directory. This vulnerability, CVE-2024-6717, is fixed in Nomad 1.6.13, 1.7.10, and 1.8.2...

8.6CVSS5.8AI score0.00388EPSS
Exploits0References2
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2024/07/22 10:54 p.m.6 views

Nomad Vulnerable to Allocation Directory Path Escape Through Archive Unpacking

Summary HashiCorp Nomad and Nomad Enterprise 1.6.12 up to 1.7.9, and 1.8.1 archive unpacking during migration is vulnerable to path escaping of the allocation directory. This vulnerability, CVE-2024-6717, is fixed in Nomad 1.6.13, 1.7.10, and 1.8.2. Background Nomad creates a working directory fo...

8.6CVSS6.4AI score0.00388EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2024/06/05 12:0 a.m.3 views

OpenTelemetry Collector Buffer Error Vulnerability

OpenTelemetry Collector is a software from the OpenTelemetry project for receiving, processing, and exporting telemetry data. A security vulnerability exists in OpenTelemetry Collector that stems from the presence of an insecure unpacking vulnerability that allows an unauthenticated attacker to...

8.2CVSS6.8AI score0.00994EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2024/05/14 9:34 p.m.23 views

dotmesh arbitrary file read and/or write

Dotmesh is a git-like command-line interface for capturing, organizing and sharing application states. In versions 0.8.1 and prior, the unsafe handling of symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary locations outside the designated target...

8.1CVSS6.3AI score0.00441EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2024/05/14 9:15 p.m.27 views

CVE-2020-26312

Dotmesh is a git-like command-line interface for capturing, organizing and sharing application states. In versions 0.8.1 and prior, the unsafe handling of symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary locations outside the designated target...

8.1CVSS7.8AI score0.00441EPSS
Exploits0References2
Rows per page
Query Builder