Fluid Attacks Database

Description

Privilege escalation in Hashicorp Nomad HashiCorp Nomad and Nomad Enterprise version 0.2.0 up to 1.3.0 were impacted by go-getter vulnerabilities enabling privilege escalation through the artifact stanza in submitted jobs onto the client agent host. Fixed in 1.1.14, 1.2.8, and 1.3.1.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
go	github.com/hashicorp/nomad	>=0.2.0 <1.1.14 \|\| >=1.2.0 <1.2.8 \|\| >=1.3.0 <1.3.1	1.1.14, 1.2.8, 1.3.1

Aliases

1. CVE-2022-303242. NVD-2022-303243. OSV-2022-303244. GCVE-2022-30324

References

1. https://discuss.hashicorp.com2. https://discuss.hashicorp.com/t/hcsec-2022-14-nomad-impacted-by-go-getter-vulnerabilities/39932

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.