4 matches found
CVE-2026-6983 pagekit download server-side request forgery
A vulnerability was identified in pagekit up to 1.0.18. Affected by this issue is some unknown functionality of the file /index.php/admin/system/update/download. The manipulation of the argument url leads to server-side request forgery. Remote exploitation of the attack is possible. The exploit i...
CVE-2022-24685
HashiCorp Nomad and Nomad Enterprise 1.0.17, 1.1.11, and 1.2.5 allow invalid HCL for the jobs parse endpoint, which may cause excessive CPU usage. Fixed in 1.0.18, 1.1.12, and 1.2.6...
Nomad alloc Filesystem and Container Escape
Summary Nomad and Nomad Enterprise “Nomad” allows operators with read-fs and alloc-exec or job-submit capabilities to read arbitrary files on the host filesystem as root through the Nomad client agent. This vulnerability, CVE-2022-24683, was fixed in Nomad 1.0.18, 1.1.12, and 1.2.6. Background...
Nomad Artifact Download Race Condition
Summary Nomad and Nomad Enterprise “Nomad” artifact download functionality had a race condition such that the Nomad client agent could download the wrong artifact into the wrong destination. This vulnerability, CVE-2022-24686, was fixed in Nomad 1.0.18, 1.1.12, and 1.2.6. Background Nomad uses th...