CVE-2022-41606: Nomad Panics On Job Submission With Bad Artifact Stanza Source URL

October 12, 2022 (updated October 13, 2022)

HashiCorp Nomad and Nomad Enterprise 1.0.2 up to 1.2.12, and 1.3.5 jobs submitted with an artifact stanza using invalid S3 or GCS URLs can be used to crash client agents. Fixed in 1.2.13, 1.3.6, and 1.4.0.

References

discuss.hashicorp.com/
discuss.hashicorp.com/t/hcsec-2022-22-nomad-panics-on-job-submission-with-bad-artifact-stanza-source-url/45420
github.com/advisories/GHSA-7v3g-4878-5qrf
nvd.nist.gov/vuln/detail/CVE-2022-41606

Code Behaviors & Features

Detect and mitigate CVE-2022-41606 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →