First published: Thu Feb 08 2024(Updated: )
HashiCorp Nomad and Nomad Enterprise 1.5.13 up to 1.6.6, and 1.7.3 template renderer is vulnerable to arbitrary file write on the host as the Nomad client user through symlink attacks. Fixed in Nomad 1.7.4, 1.6.7, 1.5.14.
Affected Software | Affected Version | How to fix |
---|---|---|
go/github.com/hashicorp/nomad | =1.7.3 | 1.7.4 |
go/github.com/hashicorp/nomad | >=1.6.0<=1.6.6 | 1.6.7 |
go/github.com/hashicorp/nomad | =1.5.13 | 1.5.14 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.