11 matches found

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2024-0612

Malicious code in bioql PyPI...

CVSS 7.7 · AI score 7.5 · EPSS 0.00334
Exploits 0 · References 7

Veracode
added 2024/02/12 6:54 a.m. · 20 views

Arbitrary File Write

github.com/hashicorp/nomad is vulnerable to Arbitrary File Write. The vulnerability is due to improper handling of symlinks by the template renderer. The attacker can manipulate file paths and write arbitrary files to the host system...

CVSS 7.7 · AI score 6.9 · EPSS 0.00334
Exploits 0 · References 5 · Affected Software 1

Github Security Blog
added 2024/02/08 9:30 p.m. · 15 views

HashiCorp Nomad vulnerable to symlink attacks

HashiCorp Nomad and Nomad Enterprise 1.5.13 up to 1.6.6, and 1.7.3 template renderer is vulnerable to arbitrary file write on the host as the Nomad client user through symlink attacks. Fixed in Nomad 1.7.4, 1.6.7, 1.5.14...

CVSS 7.7 · AI score 7.2 · EPSS 0.00334
Exploits 0 · References 7 · Affected Software 1

OSV
added 2024/02/08 8:15 p.m. · 12 views

CVE-2024-1329

HashiCorp Nomad and Nomad Enterprise 1.5.13 up to 1.6.6, and 1.7.3 template renderer is vulnerable to arbitrary file write on the host as the Nomad client user through symlink attacks. This vulnerability, CVE-2024-1329, is fixed in Nomad 1.7.4, 1.6.7, and 1.5.14...

CVSS 7.5 · AI score 7.3
Exploits 0 · References 1

NVD
added 2024/02/08 8:15 p.m. · 13 views

CVE-2024-1329

HashiCorp Nomad and Nomad Enterprise 1.5.13 up to 1.6.6, and 1.7.3 template renderer is vulnerable to arbitrary file write on the host as the Nomad client user through symlink attacks. This vulnerability, CVE-2024-1329, is fixed in Nomad 1.7.4, 1.6.7, and 1.5.14...

CVSS 7.7 · AI score 7.5 · EPSS 0.00334
Exploits 0 · References 1

Prion
added 2024/02/08 8:15 p.m. · 9 views

Design/Logic Flaw

HashiCorp Nomad and Nomad Enterprise 1.5.13 up to 1.6.6, and 1.7.3 template renderer is vulnerable to arbitrary file write on the host as the Nomad client user through symlink attacks. Fixed in Nomad 1.7.4, 1.6.7, 1.5.14...

CVSS 5 · AI score 7.5 · EPSS 0.00334
Exploits 0 · References 1 · Affected Software 1

CVE
added 2024/02/08 7:20 p.m. · 49 views

CVE-2024-1329

CVE-2024-1329 affects HashiCorp Nomad and Nomad Enterprise (1.5.13 up to 1.6.6, and 1.7.3) where the template renderer allows arbitrary file write on the host via symlink attacks, executable by the Nomad client user. Root cause is a symlink/templating path exposure enabling host file writes. Impa...

CVSS 7.7 · AI score 7.4 · EPSS 0.00334
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2024/02/08 7:20 p.m. · 14 views

CVE-2024-1329 Nomad Vulnerable to Arbitrary Write Through Symlink Attack

HashiCorp Nomad and Nomad Enterprise 1.5.13 up to 1.6.6, and 1.7.3 template renderer is vulnerable to arbitrary file write on the host as the Nomad client user through symlink attacks. This vulnerability, CVE-2024-1329, is fixed in Nomad 1.7.4, 1.6.7, and 1.5.14...

CVSS 7.7 · AI score 7.7 · EPSS 0.00334
Exploits 0 · References 1

Vulnrichment
added 2024/02/08 7:20 p.m. · 14 views

CVE-2024-1329 Nomad Vulnerable to Arbitrary Write Through Symlink Attack

HashiCorp Nomad and Nomad Enterprise 1.5.13 up to 1.6.6, and 1.7.3 template renderer is vulnerable to arbitrary file write on the host as the Nomad client user through symlink attacks. This vulnerability, CVE-2024-1329, is fixed in Nomad 1.7.4, 1.6.7, and 1.5.14...

CVSS 7.7 · AI score 7.4 · EPSS 0.00334
Exploits 0 · References 1

Positive Technologies
added 2024/02/08 12:0 a.m. · 1 views

PT-2024-7109 · Hashicorp +1 · Nomad +2

Name of the Vulnerable Software and Affected Versions: HashiCorp Nomad and Nomad Enterprise versions 1.5.13 through 1.6.6 and version 1.7.3 Description: The template renderer in HashiCorp Nomad and Nomad Enterprise is vulnerable to arbitrary file write on the host as the Nomad client user through...

CVSS 7.7 · AI score 7.9 · EPSS 0.00334
Exploits 0 · References 23

OSSF Malicious Packages
added 2022/12/19 1:57 a.m. · 3 views

Malicious code in experience-template-renderer-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware afa26f6f8649c313b48cb94b98dd23d01c15d0bc8cce3dfdfa2af4e410b133ec Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits 0 · References 1