CVE-2022-30324: Privilege escalation in Hashicorp Nomad

CVSS Score: 9.8 (CVSS 3.1)

Basic Information

EPSS Score: 0.61038%
CWE: -
Published: 6/3/2022
Updated: 1/27/2023
KEV Status: No
Technology: Go

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| github.com/hashicorp/nomad | go | >= 0.2.0, < 1.1.14 | 1.1.14 |
| github.com/hashicorp/nomad | go | >= 1.2.0, < 1.2.8 | 1.2.8 |
| github.com/hashicorp/nomad | go | >= 1.3.0, < 1.3.1 | 1.3.1 |
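A check for the affected ranges listed above, added here as an example (it is not Miggo's or HashiCorp's code). The function name `Check` and the sample inputs are constructed for illustration; treating a pre-release of a fixed version as affected is an assumption.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
)

// Affected ranges from the advisory table, as [lo, fixed) per release line.
var affected = [][2][3]int{
	{{0, 2, 0}, {1, 1, 14}},
	{{1, 2, 0}, {1, 2, 8}},
	{{1, 3, 0}, {1, 3, 1}},
}
var verRe = regexp.MustCompile(`v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.]+)?`)

func less(a, b [3]int) bool {
	for i := range a {
		if a[i] != b[i] {
			return a[i] < b[i]
		}
	}
	return false
}

// Check finds the first x.y.z version in s (e.g. "Nomad v1.2.6+ent" or a go.mod
// require line) and reports whether it is affected and which release fixes it.
func Check(s string) (vulnerable bool, fixed string, err error) {
	m := verRe.FindStringSubmatch(s)
	if m == nil {
		return false, "", fmt.Errorf("no version found in %q", s)
	}
	var v [3]int
	for i := range v {
		v[i], _ = strconv.Atoi(m[i+1]) // the regex guarantees digits
	}
	for _, r := range affected {
		// Assumption: a pre-release of the fixed version sorts before it, so it counts as affected.
		if !less(v, r[0]) && (less(v, r[1]) || (v == r[1] && m[4] != "")) {
			return true, fmt.Sprintf("%d.%d.%d", r[1][0], r[1][1], r[1][2]), nil
		}
	}
	return false, "", nil
}

func main() { // constructed sample inputs
	for _, s := range []string{"Nomad v1.2.6+ent", "github.com/hashicorp/nomad v1.1.14", "1.3.1-rc.1"} {
		fmt.Println(Check(s))
	}
}
```

Versions between a patched release and the next line's lower bound (for example 1.1.14 up to, but not including, 1.2.0) are reported as not affected, matching the table.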

Vulnerability Intelligence
Root Cause Analysis

The vulnerability stems from Nomad's artifact subsystem using vulnerable go-getter versions. The key functions are (1) the ArtifactHook's download method, which initiates artifact retrieval, and (2) the go-getter wrapper that interfaces with the vulnerable library. These functions inherited go-getter's flaws (CVE-2022-26945 et al.), which allow path traversal and protocol injection. The artifact stanza processing pipeline would pass user-controlled input to these functions without adequate validation, enabling client host compromise. While exact line numbers aren't visible, Nomad's architecture documents and HashiCorp's bulletin confirm that the artifact subsystem's reliance on go-getter makes these core functions the attack surface.

HashiCorp Nomad and Nomad Enterprise version 0.2.0 up to 1.3.0 were impacted by go-getter vulnerabilities enabling privilege escalation through the artifact stanza in submitted jobs onto the client agent host. Fixed in 1.1.14, 1.2.8, and 1.3.1.