Privilege Escalation through Artifact Stanza in HashiCorp Nomad

Privilege Escalation through Artifact Stanza in HashiCorp Nomad

CVE-2022-30324 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

HashiCorp Nomad and Nomad Enterprise version 0.2.0 up to 1.3.0 were impacted by go-getter vulnerabilities enabling privilege escalation through the artifact stanza in submitted jobs onto the client agent host. Fixed in 1.1.14, 1.2.8, and 1.3.1.

Learn more about our Web Application Penetration Testing UK.