{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T20:24:15.456","vulnerabilities":[{"cve":{"id":"CVE-2024-10975","sourceIdentifier":"security@hashicorp.com","published":"2024-11-07T21:15:06.383","lastModified":"2025-12-29T17:17:03.110","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Nomad Community and Nomad Enterprise (\"Nomad\") volume specification is vulnerable to arbitrary cross-namespace volume creation through unauthorized Container Storage Interface (CSI) volume writes. This vulnerability, identified as CVE-2024-10975, is fixed in Nomad Community Edition 1.9.2 and Nomad Enterprise 1.9.2, 1.8.7, and 1.7.15."},{"lang":"es","value":"La especificación de volúmenes de Nomad Community y Nomad Enterprise (\"Nomad\") es vulnerable a la creación arbitraria de volúmenes entre espacios de nombres mediante escrituras no autorizadas en volúmenes de la Interfaz de almacenamiento de contenedores (CSI). Esta vulnerabilidad, identificada como CVE-2024-10975, se ha corregido en Nomad Community Edition 1.9.2 y Nomad Enterprise 1.9.2, 1.8.7 y 1.7.15."}],"metrics":{"cvssMetricV31":[{"source":"security@hashicorp.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":4.0}]},"weaknesses":[{"source":"security@hashicorp.com","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:hashicorp:nomad:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"1.3.0","versionEndExcluding":"1.7.15","matchCriteriaId":"CD7507C6-5E21-41A1-886E-2A801BC2FFAF"},{"vulnerable":true,"criteria":"cpe:2.3:a:hashicorp:nomad:*:*:*:*:-:*:*:*","versionStartIncluding":"1.3.0","versionEndExcluding":"1.9.2","matchCriteriaId":"C7D339DE-A8C9-47C5-94C8-37E532BB6A69"},{"vulnerable":true,"criteria":"cpe:2.3:a:hashicorp:nomad:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"1.8.0","versionEndExcluding":"1.8.7","matchCriteriaId":"25D8E93B-1F4C-4298-BB64-358014A5E9D8"},{"vulnerable":true,"criteria":"cpe:2.3:a:hashicorp:nomad:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"1.9.0","versionEndExcluding":"1.9.2","matchCriteriaId":"FD4C121D-54C3-4E0F-A334-03A92346801B"}]}]}],"references":[{"url":"https://discuss.hashicorp.com/t/hcsec-2024-27-nomad-vulnerable-to-cross-namespace-volume-creation-abusing-csi-write-permission","source":"security@hashicorp.com","tags":["Vendor Advisory"]}]}}]}