HashiCorp Nomad and Nomad Enterprise 1.5.13 up to 1.6.6, and 1.7.3 template renderer is vulnerable to arbitrary file write on the host as the Nomad client user through symlink attacks. Fixed in Nomad 1.7.4, 1.6.7, 1.5.14.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: HashiCorp
Published: 2024-02-08T19:20:10.831Z
Updated: 2024-08-01T18:33:25.694Z
Reserved: 2024-02-07T19:00:15.653Z
Link: CVE-2024-1329
Vulnrichment
Updated: 2024-08-01T18:33:25.694Z
NVD
Status : Analyzed
Published: 2024-02-08T20:15:52.643
Modified: 2024-02-15T18:27:28.837
Link: CVE-2024-1329
Redhat
No data.