{"id":"CVE-2024-6717","details":"In HashiCorp Nomad and Nomad Enterprise 1.6.12 up to 1.7.9, and 1.8.1, archive unpacking during migration is vulnerable to path escaping of the allocation directory. This vulnerability, CVE-2024-6717, is fixed in Nomad 1.6.13, 1.7.10, and 1.8.2.","aliases":["GHSA-5mqx-rpxv-mvxj","GO-2026-4278"],"modified":"2026-04-10T05:19:57.500246Z","published":"2024-07-23T01:15:09.190Z","related":["SUSE-SU-2026:0142-1"],"references":[{"type":"ADVISORY","url":"https://discuss.hashicorp.com/t/hcsec-2024-15-nomad-vulnerable-to-allocation-directory-path-escape-through-archive-unpacking/68781"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/hashicorp/nomad","events":[{"introduced":"e4150e9703f3be6ee2339f0e45ff0801186e022b"},{"fixed":"de10efa3fa3b72ccf0cde9a9b0eb1c9ed0cd309d"},{"introduced":"e4150e9703f3be6ee2339f0e45ff0801186e022b"},{"fixed":"de10efa3fa3b72ccf0cde9a9b0eb1c9ed0cd309d"},{"introduced":"0"},{"last_affected":"3f4057be2e9442a98ad4dc6a185294064067d545"},{"introduced":"0"},{"last_affected":"3f4057be2e9442a98ad4dc6a185294064067d545"},{"introduced":"0"},{"last_affected":"5022543e4b7b8dcec9df123f86630ae3fdcffbe6"},{"introduced":"0"},{"last_affected":"5022543e4b7b8dcec9df123f86630ae3fdcffbe6"}],"database_specific":{"versions":[{"introduced":"1.7.0"},{"fixed":"1.7.10"},{"introduced":"1.7.0"},{"fixed":"1.7.10"},{"introduced":"0"},{"last_affected":"1.6.12"},{"introduced":"0"},{"last_affected":"1.6.12"},{"introduced":"0"},{"last_affected":"1.8.1"},{"introduced":"0"},{"last_affected":"1.8.1"}]}}],"versions":["ent-changelog-1.6.11","ent-changelog-1.6.12","show","v0.0.0","v0.1.0","v0.1.1","v0.1.2","v0.10.0-beta1","v0.2.0","v0.2.1","v0.2.2","v0.2.3","v0.2.3-rc1","v0.3.0-rc2","v0.3.1","v0.3.2","v0.3.2-rc1","v0.3.2-rc2","v0.3rc1","v0.4.0","v0.4.0-rc1","v0.4.0-rc2","v0.4.1","v0.4.1-rc1","v0.5.0","v0.5.0-rc1","v0.5.0-rc2","v0.5.1","v0.5.1-rc1","v0.5.1-rc2","v0.5.2","v0.5.2-rc1","v0.5.3","v0.5.5","v0.5.5-rc1","v0.5.5-rc2","v0.5.6","v0.5.6-rc1","v
0.6.0","v0.6.0-rc1","v0.6.0-rc2","v0.6.1","v0.6.2","v0.6.3-rc1","v0.7.0","v0.7.0-rc1","v0.7.0-rc2","v0.7.0-rc3","v0.7.1","v0.7.1+pro","v0.7.1-rc1","v0.7.1-rc1+pro","v0.8.0","v0.8.0+pro","v0.8.0-rc1","v0.8.0-rc1+pro","v0.8.2","v0.8.3","v0.8.4","v0.8.4-rc1","v0.9.0","v0.9.0-beta1","v0.9.0-beta2","v0.9.0-beta3","v0.9.0-rc1","v0.9.0-rc2","v0.9.2","v0.9.2-rc1","v0.9.3","v0.9.4","v0.9.4-rc1","v1.8.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-6717.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N"}]}