Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-mt6v-wu59-2fe3

Summary

Arbitrary file reads in HashiCorp Nomad
Nomad is an easy-to-use, flexible, and performant workload orchestrator that can deploy a mix of microservice, batch, containerized, and non-containerized applications. HashiCorp Nomad and Nomad Enterprise 0.9.2 through 1.0.17, 1.1.11, and 1.2.5 allow operators with read-fs and alloc-exec (or job-submit) capabilities to read arbitrary files on the host filesystem as root. There are currently no known workarounds. Users are recommended to upgrade as soon as possible to avoid this issue.

Aliases

alias	CVE-2022-24683

alias	GHSA-wmrx-57hm-mw7r

Fixed_packages

url	pkg:apk/alpine/nomad@1.1.12-r0?arch=ppc64le&distroversion=v3.15&reponame=community
purl	pkg:apk/alpine/nomad@1.1.12-r0?arch=ppc64le&distroversion=v3.15&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nomad@1.1.12-r0%3Farch=ppc64le&distroversion=v3.15&reponame=community

url	pkg:apk/alpine/nomad@1.1.12-r0?arch=aarch64&distroversion=v3.15&reponame=community
purl	pkg:apk/alpine/nomad@1.1.12-r0?arch=aarch64&distroversion=v3.15&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nomad@1.1.12-r0%3Farch=aarch64&distroversion=v3.15&reponame=community

url	pkg:apk/alpine/nomad@1.1.12-r0?arch=armhf&distroversion=v3.15&reponame=community
purl	pkg:apk/alpine/nomad@1.1.12-r0?arch=armhf&distroversion=v3.15&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nomad@1.1.12-r0%3Farch=armhf&distroversion=v3.15&reponame=community

url	pkg:apk/alpine/nomad@1.1.12-r0?arch=armv7&distroversion=v3.15&reponame=community
purl	pkg:apk/alpine/nomad@1.1.12-r0?arch=armv7&distroversion=v3.15&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nomad@1.1.12-r0%3Farch=armv7&distroversion=v3.15&reponame=community

url	pkg:apk/alpine/nomad@1.1.12-r0?arch=s390x&distroversion=v3.15&reponame=community
purl	pkg:apk/alpine/nomad@1.1.12-r0?arch=s390x&distroversion=v3.15&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nomad@1.1.12-r0%3Farch=s390x&distroversion=v3.15&reponame=community

url	pkg:apk/alpine/nomad@1.1.12-r0?arch=x86&distroversion=v3.15&reponame=community
purl	pkg:apk/alpine/nomad@1.1.12-r0?arch=x86&distroversion=v3.15&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nomad@1.1.12-r0%3Farch=x86&distroversion=v3.15&reponame=community

url	pkg:apk/alpine/nomad@1.1.12-r0?arch=x86_64&distroversion=v3.15&reponame=community
purl	pkg:apk/alpine/nomad@1.1.12-r0?arch=x86_64&distroversion=v3.15&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nomad@1.1.12-r0%3Farch=x86_64&distroversion=v3.15&reponame=community

url	pkg:apk/alpine/nomad@1.2.6-r0?arch=aarch64&distroversion=v3.16&reponame=community
purl	pkg:apk/alpine/nomad@1.2.6-r0?arch=aarch64&distroversion=v3.16&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nomad@1.2.6-r0%3Farch=aarch64&distroversion=v3.16&reponame=community

url	pkg:apk/alpine/nomad@1.2.6-r0?arch=armhf&distroversion=v3.16&reponame=community
purl	pkg:apk/alpine/nomad@1.2.6-r0?arch=armhf&distroversion=v3.16&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nomad@1.2.6-r0%3Farch=armhf&distroversion=v3.16&reponame=community

url	pkg:apk/alpine/nomad@1.2.6-r0?arch=armv7&distroversion=v3.16&reponame=community
purl	pkg:apk/alpine/nomad@1.2.6-r0?arch=armv7&distroversion=v3.16&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nomad@1.2.6-r0%3Farch=armv7&distroversion=v3.16&reponame=community

url	pkg:apk/alpine/nomad@1.2.6-r0?arch=ppc64le&distroversion=v3.16&reponame=community
purl	pkg:apk/alpine/nomad@1.2.6-r0?arch=ppc64le&distroversion=v3.16&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nomad@1.2.6-r0%3Farch=ppc64le&distroversion=v3.16&reponame=community

url	pkg:apk/alpine/nomad@1.2.6-r0?arch=s390x&distroversion=v3.16&reponame=community
purl	pkg:apk/alpine/nomad@1.2.6-r0?arch=s390x&distroversion=v3.16&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nomad@1.2.6-r0%3Farch=s390x&distroversion=v3.16&reponame=community

url	pkg:apk/alpine/nomad@1.2.6-r0?arch=x86&distroversion=v3.16&reponame=community
purl	pkg:apk/alpine/nomad@1.2.6-r0?arch=x86&distroversion=v3.16&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nomad@1.2.6-r0%3Farch=x86&distroversion=v3.16&reponame=community

url	pkg:apk/alpine/nomad@1.2.6-r0?arch=x86_64&distroversion=v3.16&reponame=community
purl	pkg:apk/alpine/nomad@1.2.6-r0?arch=x86_64&distroversion=v3.16&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nomad@1.2.6-r0%3Farch=x86_64&distroversion=v3.16&reponame=community

url	pkg:apk/alpine/nomad@1.2.6-r0?arch=armv7&distroversion=v3.17&reponame=community
purl	pkg:apk/alpine/nomad@1.2.6-r0?arch=armv7&distroversion=v3.17&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nomad@1.2.6-r0%3Farch=armv7&distroversion=v3.17&reponame=community

url	pkg:apk/alpine/nomad@1.2.6-r0?arch=ppc64le&distroversion=v3.17&reponame=community
purl	pkg:apk/alpine/nomad@1.2.6-r0?arch=ppc64le&distroversion=v3.17&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nomad@1.2.6-r0%3Farch=ppc64le&distroversion=v3.17&reponame=community

url	pkg:apk/alpine/nomad@1.2.6-r0?arch=s390x&distroversion=v3.17&reponame=community
purl	pkg:apk/alpine/nomad@1.2.6-r0?arch=s390x&distroversion=v3.17&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nomad@1.2.6-r0%3Farch=s390x&distroversion=v3.17&reponame=community

url	pkg:apk/alpine/nomad@1.2.6-r0?arch=x86&distroversion=v3.17&reponame=community
purl	pkg:apk/alpine/nomad@1.2.6-r0?arch=x86&distroversion=v3.17&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nomad@1.2.6-r0%3Farch=x86&distroversion=v3.17&reponame=community

url	pkg:apk/alpine/nomad@1.2.6-r0?arch=x86_64&distroversion=v3.17&reponame=community
purl	pkg:apk/alpine/nomad@1.2.6-r0?arch=x86_64&distroversion=v3.17&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nomad@1.2.6-r0%3Farch=x86_64&distroversion=v3.17&reponame=community

url	pkg:apk/alpine/nomad@1.2.6-r0?arch=aarch64&distroversion=v3.18&reponame=community
purl	pkg:apk/alpine/nomad@1.2.6-r0?arch=aarch64&distroversion=v3.18&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nomad@1.2.6-r0%3Farch=aarch64&distroversion=v3.18&reponame=community

url	pkg:apk/alpine/nomad@1.2.6-r0?arch=armhf&distroversion=v3.18&reponame=community
purl	pkg:apk/alpine/nomad@1.2.6-r0?arch=armhf&distroversion=v3.18&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nomad@1.2.6-r0%3Farch=armhf&distroversion=v3.18&reponame=community

url	pkg:apk/alpine/nomad@1.2.6-r0?arch=armv7&distroversion=v3.18&reponame=community
purl	pkg:apk/alpine/nomad@1.2.6-r0?arch=armv7&distroversion=v3.18&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nomad@1.2.6-r0%3Farch=armv7&distroversion=v3.18&reponame=community

url	pkg:apk/alpine/nomad@1.2.6-r0?arch=s390x&distroversion=v3.18&reponame=community
purl	pkg:apk/alpine/nomad@1.2.6-r0?arch=s390x&distroversion=v3.18&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nomad@1.2.6-r0%3Farch=s390x&distroversion=v3.18&reponame=community

url	pkg:apk/alpine/nomad@1.2.6-r0?arch=x86&distroversion=v3.18&reponame=community
purl	pkg:apk/alpine/nomad@1.2.6-r0?arch=x86&distroversion=v3.18&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nomad@1.2.6-r0%3Farch=x86&distroversion=v3.18&reponame=community

url	pkg:apk/alpine/nomad@1.2.6-r0?arch=x86_64&distroversion=v3.18&reponame=community
purl	pkg:apk/alpine/nomad@1.2.6-r0?arch=x86_64&distroversion=v3.18&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nomad@1.2.6-r0%3Farch=x86_64&distroversion=v3.18&reponame=community

url	pkg:apk/alpine/nomad@1.2.6-r0?arch=aarch64&distroversion=v3.17&reponame=community
purl	pkg:apk/alpine/nomad@1.2.6-r0?arch=aarch64&distroversion=v3.17&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nomad@1.2.6-r0%3Farch=aarch64&distroversion=v3.17&reponame=community

url	pkg:apk/alpine/nomad@1.2.6-r0?arch=armhf&distroversion=v3.17&reponame=community
purl	pkg:apk/alpine/nomad@1.2.6-r0?arch=armhf&distroversion=v3.17&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nomad@1.2.6-r0%3Farch=armhf&distroversion=v3.17&reponame=community

url	pkg:apk/alpine/nomad@1.2.6-r0?arch=ppc64le&distroversion=v3.18&reponame=community
purl	pkg:apk/alpine/nomad@1.2.6-r0?arch=ppc64le&distroversion=v3.18&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/nomad@1.2.6-r0%3Farch=ppc64le&distroversion=v3.18&reponame=community

url	pkg:golang/github.com/hashicorp/nomad@1.0.18
purl	pkg:golang/github.com/hashicorp/nomad@1.0.18
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:golang/github.com/hashicorp/nomad@1.0.18

url	pkg:golang/github.com/hashicorp/nomad@1.1.12
purl	pkg:golang/github.com/hashicorp/nomad@1.1.12
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:golang/github.com/hashicorp/nomad@1.1.12

url	pkg:golang/github.com/hashicorp/nomad@1.2.6
purl	pkg:golang/github.com/hashicorp/nomad@1.2.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:golang/github.com/hashicorp/nomad@1.2.6

Affected_packages

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-24683

reference_id

reference_type

scores

value	0.00474
scoring_system	epss
scoring_elements	0.64777
published_at	2026-04-21T12:55:00Z

value	0.00474
scoring_system	epss
scoring_elements	0.6478
published_at	2026-04-16T12:55:00Z

value	0.00474
scoring_system	epss
scoring_elements	0.64742
published_at	2026-04-13T12:55:00Z

value	0.00474
scoring_system	epss
scoring_elements	0.6477
published_at	2026-04-12T12:55:00Z

value	0.00474
scoring_system	epss
scoring_elements	0.64781
published_at	2026-04-11T12:55:00Z

value	0.00474
scoring_system	epss
scoring_elements	0.64764
published_at	2026-04-09T12:55:00Z

value	0.00474
scoring_system	epss
scoring_elements	0.6475
published_at	2026-04-08T12:55:00Z

value	0.00474
scoring_system	epss
scoring_elements	0.6479
published_at	2026-04-18T12:55:00Z

value	0.00474
scoring_system	epss
scoring_elements	0.64702
published_at	2026-04-07T12:55:00Z

value	0.00474
scoring_system	epss
scoring_elements	0.64744
published_at	2026-04-04T12:55:00Z

value	0.00474
scoring_system	epss
scoring_elements	0.64716
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-24683

reference_url

https://discuss.hashicorp.com

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://discuss.hashicorp.com

reference_url

https://discuss.hashicorp.com/t/hcsec-2022-02-nomad-alloc-filesystem-and-container-escape/35560

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://discuss.hashicorp.com/t/hcsec-2022-02-nomad-alloc-filesystem-and-container-escape/35560

reference_url

https://github.com/hashicorp/nomad/commit/1aa46c3796e924b72eb45a7f02dae32df0c1179c

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/hashicorp/nomad/commit/1aa46c3796e924b72eb45a7f02dae32df0c1179c

reference_url

https://github.com/hashicorp/nomad/commit/b3c0e6a7a53d624003698b48b6c59739552c3721

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/hashicorp/nomad/commit/b3c0e6a7a53d624003698b48b6c59739552c3721

reference_url

https://github.com/hashicorp/nomad/commit/fcb3a5d016a3dfcc63efcdb567373735a0703279

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/hashicorp/nomad/commit/fcb3a5d016a3dfcc63efcdb567373735a0703279

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-24683

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-24683

reference_url

https://security.netapp.com/advisory/ntap-20220318-0008

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220318-0008

Weaknesses

cwe_id	22
name	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
description	The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Exploits

Severity_range_score 7.0 - 8.9

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mt6v-wu59-2fe3

Vulnerability Instance