[Git][security-tracker-team/security-tracker][master] Add notes for nomad CVEs CVE-2022-24684 CVE-2022-24685 CVE-2021-43415
Neil Williams (@codehelp)
codehelp at debian.org
Tue Apr 26 12:20:15 BST 2022
Neil Williams pushed to branch master at Debian Security Tracker / security-tracker
Commits:
8f68bed7 by Neil Williams at 2022-04-26T12:19:46+01:00
Add notes for nomad CVEs CVE-2022-24684 CVE-2022-24685 CVE-2021-43415
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -14103,11 +14103,14 @@ CVE-2022-24686 (HashiCorp Nomad and Nomad Enterprise 0.3.0 through 1.0.17, 1.1.1
- nomad <unfixed>
NOTE: https://discuss.hashicorp.com/t/hcsec-2022-01-nomad-artifact-download-race-condition/35559
CVE-2022-24685 (HashiCorp Nomad and Nomad Enterprise 1.x before 1.0.17, 1.1.x before 1 ...)
- - nomad <undetermined>
+ - nomad <unfixed>
NOTE: https://discuss.hashicorp.com/t/hcsec-2022-03-nomad-malformed-job-parsing-results-in-excessive-cpu-usage/35561
+ NOTE: https://github.com/hashicorp/nomad/issues/12038
CVE-2022-24684 (HashiCorp Nomad and Nomad Enterprise before 1.0.17, 1.1.x before 1.1.1 ...)
- - nomad <undetermined>
+ - nomad <unfixed>
NOTE: https://discuss.hashicorp.com/t/hcsec-2022-04-nomad-spread-job-stanza-may-trigger-panic-in-servers/35562
+ NOTE: https://github.com/hashicorp/nomad/issues/12039
+ NOTE: https://github.com/hashicorp/nomad/commit/c49359ad58f0af18a5697a0b7b9b6cca9656d267 (v1.2.6)
CVE-2022-24683 (HashiCorp Nomad and Nomad Enterprise 0.9.2 through 1.0.17, 1.1.11, and ...)
- nomad <unfixed>
NOTE: https://discuss.hashicorp.com/t/hcsec-2022-02-nomad-alloc-filesystem-and-container-escape/35560
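Review bot: the CVE-2022-24685 entry is moved to `- nomad <unfixed>` with only the upstream issue (issues/12038) recorded, while the CVE-2022-24684 entry right below it also gets the fixing commit and its release tag, (v1.2.6). If the fix commit for the malformed job parsing issue is known, add a matching NOTE with the commit and the version it landed in, so both entries can be checked against a package version in the same way; if it has not been identified yet, a short NOTE saying so would explain the asymmetry. Separately, the commit message only says "Add notes", but both entries also change status from `<undetermined>` to `<unfixed>`; that triage decision deserves a mention in the message.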
@@ -32729,9 +32732,11 @@ CVE-2021-43417
CVE-2021-43416
RESERVED
CVE-2021-43415 (HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0, w ...)
- - nomad <undetermined>
+ - nomad <unfixed>
NOTE: https://discuss.hashicorp.com/t/hcsec-2021-31-nomad-qemu-task-driver-allowed-paths-bypass-with-job-args/32288
- TODO: check
+ NOTE: https://github.com/hashicorp/nomad/issues/11542
+ NOTE: https://github.com/hashicorp/nomad/pull/11554
+ NOTE: https://github.com/hashicorp/nomad/commit/40de248b940eb7babbd4a08ebe9d6874758f5285 (v1.2.1)
CVE-2021-43414 (An issue was discovered in GNU Hurd before 0.9 20210404-9. The use of ...)
- hurd 1:0.9.git20210404-9
CVE-2021-43413 (An issue was discovered in GNU Hurd before 0.9 20210404-9. A single pa ...)
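Review bot: in the CVE-2021-43415 entry the `TODO: check` is dropped and the status becomes `<unfixed>`, but the only fix reference added is the commit tagged (v1.2.1), while the description on the same entry lists three affected series (up to 1.0.13, 1.1.7, and 1.2.0). Consider recording whether the 1.0.x and 1.1.x series have their own fix commits, or adding a NOTE that only the 1.2 branch commit is relevant here, so that whoever later turns `<unfixed>` into a fixed version does not have to redo the check that the removed TODO stood for.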
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8f68bed7f741d2ddf81d7b112042c4daffa05174