HashiCorp Nomad and Nomad Enterprise 1.0.17, 1.1.11, and 1.2.5 allow invalid HCL for the jobs parse endpoint, which may cause excessive CPU usage. Fixed in 1.0.18, 1.1.12, and 1.2.6.
References
Link | Resource |
---|---|
https://discuss.hashicorp.com | Product Vendor Advisory |
https://discuss.hashicorp.com/t/hcsec-2022-03-nomad-malformed-job-parsing-results-in-excessive-cpu-usage/ | |
https://discuss.hashicorp.com/t/hcsec-2022-03-nomad-malformed-job-parsing-results-in-excessive-cpu-usage/35561 | Vendor Advisory |
https://security.netapp.com/advisory/ntap-20220331-0007/ | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
11 Aug 2022, 00:15
Type | Values Removed | Values Added |
---|---|---|
Summary | HashiCorp Nomad and Nomad Enterprise 1.0.17, 1.1.11, and 1.2.5 allow invalid HCL for the jobs parse endpoint, which may cause excessive CPU usage. Fixed in 1.0.18, 1.1.12, and 1.2.6. | |
References |
|
26 Apr 2022, 20:52
Type | Values Removed | Values Added |
---|---|---|
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20220331-0007/ - Third Party Advisory |
31 Mar 2022, 09:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
08 Mar 2022, 17:44
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://discuss.hashicorp.com - Product, Vendor Advisory | |
References | (MISC) https://discuss.hashicorp.com/t/hcsec-2022-03-nomad-malformed-job-parsing-results-in-excessive-cpu-usage/35561 - Vendor Advisory | |
CWE | CWE-770 | |
First Time |
Hashicorp
Hashicorp nomad |
|
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
CPE | cpe:2.3:a:hashicorp:nomad:*:*:*:*:-:*:*:* cpe:2.3:a:hashicorp:nomad:*:*:*:*:enterprise:*:*:* |
28 Feb 2022, 14:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-02-28 14:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-24685
Mitre link : CVE-2022-24685
CVE.ORG link : CVE-2022-24685
JSON object : View
Products Affected
hashicorp
- nomad
CWE
CWE-770
Allocation of Resources Without Limits or Throttling