CVE-2024-1329

HIGH Year: 2024
CVSS v3 Score
7.5
High
Weakness Type
CWE-59
View all →

Vulnerability Description

HashiCorp Nomad and Nomad Enterprise 1.5.13 up to 1.6.6, and 1.7.3 template renderer is vulnerable to arbitrary file write on the host as the Nomad client user through symlink attacks. This vulnerability, CVE-2024-1329, is fixed in Nomad 1.7.4, 1.6.7, and 1.5.14.

Related Vulnerabilities

CVE-2000-0342

HIGH
CVSS:7.5(High)

Eudora 4.x allows remote attackers to bypass the user warning for executable attachments such as .exe, .com, and .bat by using a .lnk file that refers to the attachment, aka "Stealth Attachment."

CWE-592000

CVE-2001-1042

HIGH
CVSS:7.5(High)

Transsoft Broker 5.9.5.0 allows remote attackers to read arbitrary files and directories by uploading a .lnk (link) file that points to the target file.

CWE-592001

CVE-2001-1043

HIGH
CVSS:7.5(High)

ArGoSoft FTP Server 1.2.2.2 allows remote attackers to read arbitrary files and directories by uploading a .lnk (link) file that points to the target file.

CWE-592001

CVE-2001-1386

HIGH
CVSS:7.5(High)

WFTPD 3.00 allows remote attackers to read arbitrary files by uploading a (link) file that ends in a ".lnk." extension, which bypasses WFTPD's check for a ".lnk" extension.

CWE-592001

CVE-2002-2323

HIGH
CVSS:7.5(High)

Sun PC NetLink 1.0 through 1.2 does not properly set the access control list (ACL) for files and directories that use symbolic links and have been restored from backup, which could allow local or remo...

CWE-592002

CVE-2011-2765

HIGH
CVSS:7.5(High)

pyro before 3.15 unsafely handles pid files in temporary directory locations and opening the pid file as root. An attacker can use this flaw to overwrite arbitrary files via symlinks.

CWE-592011