VYPR
Moderate severityNVD Advisory· Published Nov 7, 2024· Updated Nov 7, 2024

Nomad Vulnerable To Cross-Namespace Volume Creation Abusing CSI Write Permission

CVE-2024-10975

Description

Nomad Community and Nomad Enterprise ("Nomad") volume specification is vulnerable to arbitrary cross-namespace volume creation through unauthorized Container Storage Interface (CSI) volume writes. This vulnerability, identified as CVE-2024-10975, is fixed in Nomad Community Edition 1.9.2 and Nomad Enterprise 1.9.2, 1.8.7, and 1.7.15.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/hashicorp/nomadGo
<= 1.9.1

Affected products

8

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.