CVE-2022-24686

NameCVE-2022-24686
DescriptionHashiCorp Nomad and Nomad Enterprise 0.3.0 through 1.0.17, 1.1.11, and 1.2.5 artifact download functionality has a race condition such that the Nomad client agent could download the wrong artifact into the wrong destination. Fixed in 1.0.18, 1.1.12, and 1.2.6
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs1021273

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
nomadsource(unstable)(unfixed)1021273

Notes

https://discuss.hashicorp.com/t/hcsec-2022-01-nomad-artifact-download-race-condition/35559

Search for package or bug name: Reporting problems