VYPR
Medium severity5.9NVD Advisory· Published Feb 14, 2022· Updated Jun 17, 2026

CVE-2022-24686

CVE-2022-24686

Description

HashiCorp Nomad and Nomad Enterprise 0.3.0 through 1.0.17, 1.1.11, and 1.2.5 artifact download functionality has a race condition such that the Nomad client agent could download the wrong artifact into the wrong destination. Fixed in 1.0.18, 1.1.12, and 1.2.6

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/hashicorp/nomadGo
>= 0.3.0, < 1.0.181.0.18
github.com/hashicorp/nomadGo
>= 1.1.0, < 1.1.121.1.12
github.com/hashicorp/nomadGo
>= 1.2.0, < 1.2.61.2.6

Affected products

2

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.