How severe is CVE-2024-7625?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.8 out of 10.

What type of vulnerability is CVE-2024-7625?

This is classified as CWE-610, which is a common weakness in software security.

CVE-2024-7625 - MEDIUM Severity | CVSS 5.8

Vulnerability Description

In HashiCorp Nomad and Nomad Enterprise from 0.6.1 up to 1.6.13, 1.7.10, and 1.8.2, the archive unpacking process is vulnerable to writes outside the allocation directory during migration of allocation directories when multiple archive headers target the same file. This vulnerability, CVE-2024-7625, is fixed in Nomad 1.6.14, 1.7.11, and 1.8.3. Access or compromise of the Nomad client agent at the source allocation first is a prerequisite for leveraging this vulnerability.

Related Vulnerabilities

CVE-2020-8226

MEDIUM

CVSS:5.8(Medium)

A vulnerability exists in phpBB <v3.2.10 and <v3.3.1 which allowed remote image dimensions check to be used to SSRF.

CWE-6102020

CVE-2023-35838

MEDIUM

CVSS:5.7(Medium)

The WireGuard client 0.5.3 on Windows insecurely configures the operating system and firewall such that traffic to a local network that uses non-RFC1918 IP addresses is blocked. This allows an adversa...

CWE-6102023

CVE-2024-24818

MEDIUM

CVSS:5.9(Medium)

EspoCRM is an Open Source Customer Relationship Management software. An attacker can inject arbitrary IP or domain in "Password Change" page and redirect victim to malicious page that could lead to cr...

CWE-6102024

CVE-2023-44209

MEDIUM

CVSS:5.6(Medium)

Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 29051.

CWE-6102023

CVE-2017-0211

MEDIUM

CVSS:5.5(Medium)

An elevation of privilege vulnerability exists in Windows 10, Windows 8.1, Windows RT 8.1, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 versions of Microsoft Windows OLE when i...

CWE-6102017

CVE-2019-15468

MEDIUM

CVSS:5.5(Medium)

The Xiaomi Mi A2 Lite Android device with a build fingerprint of xiaomi/daisy/daisy_sprout:9/PKQ1.180917.001/V10.0.3.0.PDLMIXM:user/release-keys contains a pre-installed app with a package name of com...

CWE-6102019