CVE-CVE-2024-6717 | HIGH Severity | CVEDatabase.com

Description

HashiCorp Nomad and Nomad Enterprise 1.6.12 up to 1.7.9, and 1.8.1 archive unpacking during migration is vulnerable to path escaping of the allocation directory. This vulnerability, CVE-2024-6717, is fixed in Nomad 1.6.13, 1.7.10, and 1.8.2.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
Attack Vector: network
Complexity: low
Privileges: low
User Action: none
Scope: changed
Confidentiality: none
Integrity: high
Availability: none
Weaknesses: CWE-610

Metadata

Primary Vendor: HASHICORP
Published: 7/23/2024
Last Modified: 1/2/2026
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

hashicorp : nomadhashicorp : nomadhashicorp : nomadhashicorp : nomadhashicorp : nomadhashicorp : nomad

AI-Powered Remediation

Generate remediation guidance or a C-suite brief for this vulnerability.

Executive Intelligence Brief

View on NIST NVD