Lucene search
Veracode Vulnerability DatabaseVERACODE:37540HistoryOct 13, 2022 - 6:15 a.m.
Denial Of Service (DOS)
2022-10-1306:15:29
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
hashicorp nomad
denial of service
gcs urls
newgetter function
application crash
0.001 Low
EPSS
Percentile
35.0%
Hashicorp Nomad is vulnerable to Denial of Service (DOS). The vulnerability exists due to the lack of GCS URLs validation in the NewGetter function of getter.go which allows an attacker to cause an application crash.
References
discuss.hashicorp.com
discuss.hashicorp.com/t/hcsec-2022-22-nomad-panics-on-job-submission-with-bad-artifact-stanza-source-url/45420
github.com/advisories/GHSA-7v3g-4878-5qrf
github.com/hashicorp/nomad/commit/1b831f3da40079607936cdc157e6c1d9cd1bc42b
github.com/hashicorp/nomad/commit/2f879d80c9499e07ec84931700e08cf2fe1d8662
github.com/hashicorp/nomad/commit/bdb3409c59363882ddb9a85be55b530573d1a9d8
github.com/hashicorp/nomad/pull/14696
github.com/hashicorp/nomad/pull/14705
github.com/hashicorp/nomad/pull/14706
Related
osv
osv
CVE-2022-41606
2022-10-12 00:15:10
Nomad Panics On Job Submission With Bad Artifact Stanza Source URL
2022-10-12 12:00:21
nvd
nvd
CVE-2022-41606
2022-10-12 00:15:10
prion
prion
Denial of service
2022-10-12 00:15:00
alpinelinux
alpinelinux
CVE-2022-41606
2022-10-12 00:15:00
github
github
Nomad Panics On Job Submission With Bad Artifact Stanza Source URL
2022-10-12 12:00:21
debiancve
debiancve
CVE-2022-41606
2022-10-12 00:15:00
cvelist
cvelist
CVE-2022-41606
2022-10-11 00:00:00
cve
cve
CVE-2022-41606
2022-10-12 00:15:10
ubuntucve
ubuntucve
CVE-2022-41606
2022-10-12 00:00:00