CVE-2024-1329

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Feb 8, 2024

Updated: Feb 15, 2024

CWE ID 610

Summary

CVE-2024-1329 is a newly disclosed vulnerability affecting HashiCorp Nomad versions 1.5.13 through 1.6.6 and 1.7.3. The issue lies within the template renderer component, which is susceptible to arbitrary file write attacks via symlink manipulation. An attacker can exploit this vulnerability to write malicious files on the host under the privileges of the Nomad client user. Nomad users are advised to update to versions 1.7.4, 1.6.7, or 1.5.14 to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

HashiCorp Nomad

Affected Vendors

HashiCorp Inc.

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/ucCvCQ
https://www.cve.org/CVERecord?id=CVE-2024-1329
https://nvd.nist.gov/vuln/detail/CVE-2024-1329

Back to Vulnerability Database