{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-09T23:53:40.339","vulnerabilities":[{"cve":{"id":"CVE-2024-7625","sourceIdentifier":"security@hashicorp.com","published":"2024-08-15T00:15:13.127","lastModified":"2025-12-29T17:16:05.853","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In HashiCorp Nomad and Nomad Enterprise from 0.6.1 up to 1.6.13, 1.7.10, and 1.8.2, the archive unpacking process is vulnerable to writes outside the allocation directory during migration of allocation directories when multiple archive headers target the same file. This vulnerability, CVE-2024-7625, is fixed in Nomad 1.6.14, 1.7.11, and 1.8.3. Access or compromise of the Nomad client agent at the source allocation first is a prerequisite for leveraging this vulnerability."},{"lang":"es","value":" En HashiCorp Nomad y Nomad Enterprise desde 0.6.1 hasta 1.16.13, 1.7.10 y 1.8.2, el proceso de descompresión del archivo es vulnerable a escrituras fuera del directorio de asignación durante la migración de directorios de asignación cuando varios encabezados de archivo apuntan al mismo archivo. . Esta vulnerabilidad, CVE-2024-7625, se solucionó en Nomad 1.6.14, 1.7.11 y 1.8.3. El acceso o el compromiso del agente del cliente Nomad en la asignación de origen primero es un requisito previo para aprovechar esta vulnerabilidad."}],"metrics":{"cvssMetricV31":[{"source":"security@hashicorp.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N","baseScore":5.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.3,"impactScore":4.0}]},"weaknesses":[{"source":"security@hashicorp.com","type":"Secondary","description":[{"lang":"en","value":"CWE-610"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:hashicorp:nomad:*:*:*:*:-:*:*:*","versionStartIncluding":"0.6.1","versionEndExcluding":"1.6.14","matchCriteriaId":"D141BA2B-588E-4EBE-B548-C9A1F61D9489"},{"vulnerable":true,"criteria":"cpe:2.3:a:hashicorp:nomad:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"0.6.1","versionEndExcluding":"1.6.14","matchCriteriaId":"520F851F-9517-4C9E-88B1-46E2CB5FB570"},{"vulnerable":true,"criteria":"cpe:2.3:a:hashicorp:nomad:*:*:*:*:-:*:*:*","versionStartIncluding":"1.7.0","versionEndExcluding":"1.7.11","matchCriteriaId":"C6C3E33D-C409-4DDB-86B4-48376EAA7AD3"},{"vulnerable":true,"criteria":"cpe:2.3:a:hashicorp:nomad:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"1.7.0","versionEndExcluding":"1.7.11","matchCriteriaId":"7F8371D0-E779-4707-959D-5C13492D9F19"},{"vulnerable":true,"criteria":"cpe:2.3:a:hashicorp:nomad:*:*:*:*:-:*:*:*","versionStartIncluding":"1.8.0","versionEndIncluding":"1.8.3","matchCriteriaId":"0A88FAA7-2140-485D-ADAF-07FD7E48B680"},{"vulnerable":true,"criteria":"cpe:2.3:a:hashicorp:nomad:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"1.8.0","versionEndExcluding":"1.8.3","matchCriteriaId":"FC9DA7B9-9F9A-4414-BDFE-084B3879DED9"}]}]}],"references":[{"url":"https://discuss.hashicorp.com/t/hcsec-2024-17-nomad-vulnerable-to-allocation-directory-escape-on-non-existing-file-paths-through-archive-unpacking/69293","source":"security@hashicorp.com","tags":["Vendor Advisory"]}]}}]}