CVE-2024-1329 HIGH

CVE-2024-1329: Nomad Vulnerable to Arbitrary Write Through Symlink Attack

Vendor HashiCorp
Product Nomad
Weakness CWE-59
Published February 8, 2024
Last update September 26, 2024

CVSS base score

7.7/10
Attack vector Network
Attack complexity High
Privileges required High
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:H

What the vulnerability does

01 Description

The template renderer in HashiCorp Nomad and Nomad Enterprise 1.5.13 up to 1.6.6, and 1.7.3, is vulnerable to arbitrary file write on the host as the Nomad client user through symlink attacks. This vulnerability, CVE-2024-1329, is fixed in Nomad 1.7.4, 1.6.7, and 1.5.14.

Key dates

02 Disclosure timeline

February 8, 2024 CVE published
September 26, 2024 Record updated