CVE-2022-30324
First published: Fri May 27 2022(Updated: )
HashiCorp Nomad and Nomad Enterprise version 0.2.0 up to 1.3.0 were impacted by go-getter vulnerabilities enabling privilege escalation through the artifact stanza in submitted jobs onto the client agent host. Fixed in 1.1.14, 1.2.8, and 1.3.1.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| HashiCorp Nomad | >=0.2.0<1.1.14 | |
| HashiCorp Nomad | >=0.2.0<1.1.14 | |
| HashiCorp Nomad | >=1.2.0<1.2.8 | |
| HashiCorp Nomad | >=1.2.0<1.2.8 | |
| HashiCorp Nomad | =1.3.0 | |
| HashiCorp Nomad | =1.3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this HashiCorp Nomad vulnerability?
The vulnerability ID for this HashiCorp Nomad vulnerability is CVE-2022-30324.
What is the severity of CVE-2022-30324?
The severity of CVE-2022-30324 is critical with a CVSS score of 9.8.
How can privilege escalation be achieved through the vulnerability?
Privilege escalation can be achieved through the artifact stanza in submitted jobs onto the client agent host.
Which versions of HashiCorp Nomad and Nomad Enterprise are affected by the vulnerability?
HashiCorp Nomad and Nomad Enterprise versions 0.2.0 up to 1.3.0 are affected by the vulnerability.
How can I fix CVE-2022-30324?
The vulnerability is fixed in HashiCorp Nomad versions 1.1.14, 1.2.8, and 1.3.1.
- collector/nvd-index
- agent/type
- agent/references
- agent/severity
- agent/author
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/hashicorp
- canonical/hashicorp nomad
- version/hashicorp nomad/0.2.0
- version/hashicorp nomad/1.2.0
- version/hashicorp nomad/1.3.0