{"id":"CVE-2022-24686","details":"The artifact download functionality in HashiCorp Nomad and Nomad Enterprise 0.3.0 through 1.0.17, 1.1.0 through 1.1.11, and 1.2.0 through 1.2.5 has a race condition such that the Nomad client agent could download the wrong artifact into the wrong destination. Fixed in 1.0.18, 1.1.12, and 1.2.6.","aliases":["GHSA-gwmc-6795-qghj","GO-2022-0600"],"modified":"2026-04-10T04:45:30.968268Z","published":"2022-02-14T14:15:08.630Z","references":[{"type":"ADVISORY","url":"https://discuss.hashicorp.com"},{"type":"ADVISORY","url":"https://discuss.hashicorp.com/t/hcsec-2022-01-nomad-artifact-download-race-condition/35559"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20220318-0008/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/hashicorp/nomad","events":[{"introduced":"a1e1de0d6c363dcf4fa6df5f6ce9b9993e33b6e6"},{"fixed":"7eb2ad21ae4a0a001cb89be92564fca09b1132e5"},{"introduced":"a1e1de0d6c363dcf4fa6df5f6ce9b9993e33b6e6"},{"fixed":"7eb2ad21ae4a0a001cb89be92564fca09b1132e5"},{"introduced":"f99f1e27bb66bee36a1f3cdf00335e81e93ffff2"},{"fixed":"8469293aa07056a0f8682e76716e12f0178fe4c8"},{"introduced":"f99f1e27bb66bee36a1f3cdf00335e81e93ffff2"},{"fixed":"8469293aa07056a0f8682e76716e12f0178fe4c8"},{"introduced":"bee0c3e04eb4ce34b8ac22ff27fcb421a9dccec5"},{"fixed":"95514d569610f15ce49b4a7a1a6bfd3e7b3e7b4f"},{"introduced":"bee0c3e04eb4ce34b8ac22ff27fcb421a9dccec5"},{"fixed":"95514d569610f15ce49b4a7a1a6bfd3e7b3e7b4f"}],"database_specific":{"versions":[{"introduced":"0.3.0"},{"fixed":"1.0.18"},{"introduced":"0.3.0"},{"fixed":"1.0.18"},{"introduced":"1.1.0"},{"fixed":"1.1.12"},{"introduced":"1.1.0"},{"fixed":"1.1.12"},{"introduced":"1.2.0"},{"fixed":"1.2.6"},{"introduced":"1.2.0"},{"fixed":"1.2.6"}]}}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-24686.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}]}