{ "affected": [ { "ranges": [ { "database_specific": { "versions": [ { "introduced": "0.3.0" }, { "fixed": "1.0.18" }, { "introduced": "0.3.0" }, { "fixed": "1.0.18" }, { "introduced": "1.1.0" }, { "fixed": "1.1.12" }, { "introduced": "1.1.0" }, { "fixed": "1.1.12" }, { "introduced": "1.2.0" }, { "fixed": "1.2.6" }, { "introduced": "1.2.0" }, { "fixed": "1.2.6" } ] }, "events": [ { "introduced": "a1e1de0d6c363dcf4fa6df5f6ce9b9993e33b6e6" }, { "fixed": "7eb2ad21ae4a0a001cb89be92564fca09b1132e5" }, { "introduced": "a1e1de0d6c363dcf4fa6df5f6ce9b9993e33b6e6" }, { "fixed": "7eb2ad21ae4a0a001cb89be92564fca09b1132e5" }, { "introduced": "f99f1e27bb66bee36a1f3cdf00335e81e93ffff2" }, { "fixed": "8469293aa07056a0f8682e76716e12f0178fe4c8" }, { "introduced": "f99f1e27bb66bee36a1f3cdf00335e81e93ffff2" }, { "fixed": "8469293aa07056a0f8682e76716e12f0178fe4c8" }, { "introduced": "bee0c3e04eb4ce34b8ac22ff27fcb421a9dccec5" }, { "fixed": "95514d569610f15ce49b4a7a1a6bfd3e7b3e7b4f" }, { "introduced": "bee0c3e04eb4ce34b8ac22ff27fcb421a9dccec5" }, { "fixed": "95514d569610f15ce49b4a7a1a6bfd3e7b3e7b4f" } ], "repo": "https://github.com/hashicorp/nomad", "type": "GIT" } ] } ], "details": "HashiCorp Nomad and Nomad Enterprise 0.3.0 through 1.0.17, 1.1.11, and 1.2.5 artifact download functionality has a race condition such that the Nomad client agent could download the wrong artifact into the wrong destination. Fixed in 1.0.18, 1.1.12, and 1.2.6", "id": "CVE-2022-24686", "modified": "2026-03-13T21:47:47.606038189Z", "published": "2022-02-14T14:15:08.630Z", "references": [ { "type": "ADVISORY", "url": "https://discuss.hashicorp.com" }, { "type": "ADVISORY", "url": "https://discuss.hashicorp.com/t/hcsec-2022-01-nomad-artifact-download-race-condition/35559" }, { "type": "ADVISORY", "url": "https://security.netapp.com/advisory/ntap-20220318-0008/" } ], "severity": [ { "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "type": "CVSS_V3" } ] }