Invalid S3 or GCS URLs in Nomad job artifact stanza can cause client agent crashes

Invalid S3 or GCS URLs in Nomad job artifact stanza can cause client agent crashes

CVE-2022-41606 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

HashiCorp Nomad and Nomad Enterprise 1.0.2 up to 1.2.12, and 1.3.5 jobs submitted with an artifact stanza using invalid S3 or GCS URLs can be used to crash client agents. Fixed in 1.2.13, 1.3.6, and 1.4.0.

Learn more about our Web Application Penetration Testing UK.