{ "affected": [ { "ranges": [ { "database_specific": { "versions": [ { "introduced": "0.9.2" }, { "fixed": "1.0.18" }, { "introduced": "0.9.2" }, { "fixed": "1.0.18" }, { "introduced": "1.1.0" }, { "fixed": "1.1.12" }, { "introduced": "1.1.0" }, { "fixed": "1.1.12" }, { "introduced": "1.2.0" }, { "fixed": "1.2.6" }, { "introduced": "1.2.0" }, { "fixed": "1.2.6" } ] }, "events": [ { "introduced": "ef1dc3ad82840da6ab3708a839229303f79ae293" }, { "fixed": "7eb2ad21ae4a0a001cb89be92564fca09b1132e5" }, { "introduced": "ef1dc3ad82840da6ab3708a839229303f79ae293" }, { "fixed": "7eb2ad21ae4a0a001cb89be92564fca09b1132e5" }, { "introduced": "f99f1e27bb66bee36a1f3cdf00335e81e93ffff2" }, { "fixed": "8469293aa07056a0f8682e76716e12f0178fe4c8" }, { "introduced": "f99f1e27bb66bee36a1f3cdf00335e81e93ffff2" }, { "fixed": "8469293aa07056a0f8682e76716e12f0178fe4c8" }, { "introduced": "bee0c3e04eb4ce34b8ac22ff27fcb421a9dccec5" }, { "fixed": "95514d569610f15ce49b4a7a1a6bfd3e7b3e7b4f" }, { "introduced": "bee0c3e04eb4ce34b8ac22ff27fcb421a9dccec5" }, { "fixed": "95514d569610f15ce49b4a7a1a6bfd3e7b3e7b4f" } ], "repo": "https://github.com/hashicorp/nomad", "type": "GIT" } ] } ], "details": "HashiCorp Nomad and Nomad Enterprise 0.9.2 through 1.0.17, 1.1.11, and 1.2.5 allow operators with read-fs and alloc-exec (or job-submit) capabilities to read arbitrary files on the host filesystem as root.", "id": "CVE-2022-24683", "modified": "2026-03-15T21:50:33.557110201Z", "published": "2022-02-17T17:15:09.567Z", "references": [ { "type": "ADVISORY", "url": "https://discuss.hashicorp.com" }, { "type": "ADVISORY", "url": "https://discuss.hashicorp.com/t/hcsec-2022-02-nomad-alloc-filesystem-and-container-escape/35560" }, { "type": "ADVISORY", "url": "https://security.netapp.com/advisory/ntap-20220318-0008/" } ], "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "type": "CVSS_V3" } ] }