GHSA-c866-8gpw-p3mv, CVE-2024-1329
go/github.com/hashicorp/nomad
Externally Controlled Reference to a Resource in Another Sphere
The template renderer in HashiCorp Nomad and Nomad Enterprise 1.5.13 up to 1.6.6, and 1.7.3, is vulnerable to arbitrary file write on the host as the Nomad client user through symlink attacks. Fixed in Nomad 1.7.4, 1.6.7, and 1.5.14.
Version 1.5.13, all versions starting from 1.6.0 up to 1.6.6, version 1.7.3
Upgrade to versions 1.5.14, 1.6.7, 1.7.4 or above.
2024-02-12