6.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2022-24684

GHSA ID

GHSA-6jm6-cmcp-fqjq

EPSS Score

0.70434%

CWE

CWE-400

Published

2/16/2022

Updated

2/3/2023

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2022-24684

CVE-2022-24684: Nomad Spread Job Stanza May Trigger Panic in Servers

Nomad and Nomad Enterprise allows operators with job-submit capabilities to use the spread stanza in a way such that it can cause panic in Nomad servers. This vulnerability, CVE-2022-24684, was fixed in Nomad 1.0.18, 1.1.12, and 1.2.6.

(GitHub Advisory)

6.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2022-24684

GHSA ID

GHSA-6jm6-cmcp-fqjq

EPSS Score

0.70434%

CWE

CWE-400

Published

2/16/2022

Updated

2/3/2023

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
github.com/hashicorp/nomad	go	>= 0.9.0, < 1.0.18	1.0.18
github.com/hashicorp/nomad	go	>= 1.1.0, < 1.1.12	1.1.12
github.com/hashicorp/nomad	go	>= 1.2.0, < 1.2.6	1.2.6

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from improper state management in the spread iterator when processing job updates. The key functions are:

SetJob() - Failed to reset internal maps (tgSpreadInfo/groupPropertySets) when switching job versions, allowing stale spread configuration data to persist
Next() - Attempted to access spreadDetails without nil checking, causing panic when processing jobs that removed spread configurations

These functions would appear in stack traces when:

Processing job updates with spread->no-spread configuration changes
Handling allocation stops while maintaining canary deployments
Accessing uninitialized spreadAttributeMap entries during node ranking

The added map resets in SetJob and nil checks in Next() directly correspond to the vulnerability's root cause (CWE-400) by preventing resource exhaustion through panic-induced server crashes.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

Nom** *n* Nom** *nt*rpris* *llows op*r*tors wit* jo*-su*mit **p**iliti*s to us* t** spr*** st*nz* in * w*y su** t**t it **n **us* p*ni* in Nom** s*rv*rs. T*is vuln*r**ility, *V*-****-*****, w*s *ix** in Nom** *.*.**, *.*.**, *n* *.*.*.

Reasoning

T** vuln*r**ility st*ms *rom improp*r st*t* m*n***m*nt in t** spr*** it*r*tor w**n pro**ssin* jo* up**t*s. T** k*y *un*tions *r*: *. S*tJo*() - **il** to r*s*t int*rn*l m*ps (t*Spr***In*o/*roupProp*rtyS*ts) w**n swit**in* jo* v*rsions, *llowin* st*l*

6.5

Basic Information

Concerned about an active attack path?

CVE-2022-24684: Nomad Spread Job Stanza May Trigger Panic in Servers

6.5

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI