{"id":"CVE-2022-24684","details":"HashiCorp Nomad and Nomad Enterprise 0.9.0 through 1.0.16, 1.1.11, and 1.2.5 allow operators with job-submit capabilities to use the spread stanza to panic server agents. Fixed in 1.0.18, 1.1.12, and 1.2.6.","aliases":["GHSA-6jm6-cmcp-fqjq","GO-2022-0560"],"modified":"2026-04-10T04:45:30.491438Z","published":"2022-02-15T15:15:12.703Z","references":[{"type":"WEB","url":"https://discuss.hashicorp.com/t/hcsec-2022-04-nomad-spread-job-stanza-may-trigger-panic-in-servers/"},{"type":"ADVISORY","url":"https://discuss.hashicorp.com"},{"type":"ADVISORY","url":"https://discuss.hashicorp.com/t/hcsec-2022-04-nomad-spread-job-stanza-may-trigger-panic-in-servers/35562"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20220318-0008/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/hashicorp/nomad","events":[{"introduced":"d77075ff2053cd2e23b6a0f8b09cd43424bed792"},{"fixed":"7eb2ad21ae4a0a001cb89be92564fca09b1132e5"},{"introduced":"d77075ff2053cd2e23b6a0f8b09cd43424bed792"},{"fixed":"7eb2ad21ae4a0a001cb89be92564fca09b1132e5"},{"introduced":"f99f1e27bb66bee36a1f3cdf00335e81e93ffff2"},{"fixed":"8469293aa07056a0f8682e76716e12f0178fe4c8"},{"introduced":"f99f1e27bb66bee36a1f3cdf00335e81e93ffff2"},{"fixed":"8469293aa07056a0f8682e76716e12f0178fe4c8"},{"introduced":"bee0c3e04eb4ce34b8ac22ff27fcb421a9dccec5"},{"fixed":"95514d569610f15ce49b4a7a1a6bfd3e7b3e7b4f"},{"introduced":"bee0c3e04eb4ce34b8ac22ff27fcb421a9dccec5"},{"fixed":"95514d569610f15ce49b4a7a1a6bfd3e7b3e7b4f"}],"database_specific":{"versions":[{"introduced":"0.9.0"},{"fixed":"1.0.18"},{"introduced":"0.9.0"},{"fixed":"1.0.18"},{"introduced":"1.1.0"},{"fixed":"1.1.12"},{"introduced":"1.1.0"},{"fixed":"1.1.12"},{"introduced":"1.2.0"},{"fixed":"1.2.6"},{"introduced":"1.2.0"},{"fixed":"1.2.6"}]}}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-24684.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}