Multiple vulnerabilities in HashiCorp Nomad
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2024-21626 CVE-2024-1329 |
| CWE-ID | CWE-254 CWE-61 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #1 is available. |
| Vulnerable software Subscribe |
Nomad Enterprise Web applications / Modules and components for CMS |
| Vendor | HashiCorp |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Security features bypass
EUVDB-ID: #VU85991
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C]
CVE-ID: CVE-2024-21626
CWE-ID:
CWE-254 - Security Features
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to an internal file descriptor leak that can cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace or a malicious image to allow a container process to gain access to the host filesystem through runc run. A remote attacker can trick the victim into loading a malicious image to bypass sandbox restrictions and execute arbitrary code on the host OS.
Install update from vendor's website.
Vulnerable software versionsNomad Enterprise: 1.0.0 - 1.7.3
External linkshttp://github.com/hashicorp/nomad/releases/tag/v1.5.14
http://github.com/hashicorp/nomad/releases/tag/v1.6.7
http://github.com/hashicorp/nomad/releases/tag/v1.7.4
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.
2) UNIX symbolic link following
EUVDB-ID: #VU86277
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-1329
CWE-ID:
CWE-61 - UNIX Symbolic Link (Symlink) Following
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a symlink following issue. A local user can create a specially crafted symbolic link to a critical file on the system and overwrite it with privileges of the application.
Successful exploitation of this vulnerability may result in privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsNomad Enterprise: 1.0.0 - 1.7.3
External linkshttp://github.com/hashicorp/nomad/releases/tag/v1.5.14
http://github.com/hashicorp/nomad/issues/19888
http://github.com/hashicorp/nomad/releases/tag/v1.6.7
http://github.com/hashicorp/nomad/releases/tag/v1.7.4
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
