Fluid Attacks Database

Description

Nomad Spread Job Stanza May Trigger Panic in Servers Nomad and Nomad Enterprise allows operators with job-submit capabilities to use the spread stanza in a way such that it can cause panic in Nomad servers. This vulnerability, CVE-2022-24684, was fixed in Nomad 1.0.18, 1.1.12, and 1.2.6.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
go	github.com/hashicorp/nomad	>=0.9.0 <1.0.18 \|\| >=1.1.0 <1.1.12 \|\| >=1.2.0 <1.2.6	1.0.18, 1.1.12, 1.2.6

Aliases

1. CVE-2022-246842. NVD-2022-246843. OSV-2022-246844. GCVE-2022-24684

References

1. https://discuss.hashicorp.com/t/hcsec-2022-04-nomad-spread-job-stanza-may-trigger-panic-in-servers2. https://discuss.hashicorp.com/t/hcsec-2022-04-nomad-spread-job-stanza-may-trigger-panic-in-servers/355623. https://security.netapp.com/advisory/ntap-20220318-0008