What is CVE-2024-7625?

CVE-2024-7625 is a medium-severity vulnerability in Hashicorp Nomad, classified under Externally Controlled Reference to a Resource in Another Sphere. CVSS score: 5.8/10. Published 2024-08-14.

How severe is CVE-2024-7625?

Medium severity. CVSS v3 base score is 5.8 out of 10.

Is CVE-2024-7625 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Hashicorp Nomad

CVE-2024-7625

In HashiCorp Nomad and Nomad Enterprise from 0.6.1 up to 1.6.13, 1.7.10, and 1.8.2, the archive unpacking process is vulnerable to writes outside the allocation directory during migration of allocation directories when multiple archive hea…

EPSS: 0.003 (53.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.8 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N.

Affected products

Hashicorp Nomad — versions 0.6.1
Hashicorp Nomad Enterprise — versions 0.6.1

Weakness classification (CWE)

CWE-610 — Externally Controlled Reference to a Resource in Another Sphere

Public proof-of-concept exploits

fkie-cad/nvd-json-data-feeds

References

discuss.hashicorp.com/t/hcsec-2024-17-nomad-vulnerable-to-allocation-directory-…

Frequently asked questions

What is CVE-2024-7625?: CVE-2024-7625 is a medium-severity vulnerability in Hashicorp Nomad, classified under Externally Controlled Reference to a Resource in Another Sphere. CVSS score: 5.8/10. Published 2024-08-14.
How severe is CVE-2024-7625?: Medium severity. CVSS v3 base score is 5.8 out of 10.
Is CVE-2024-7625 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.