CVE-2024-6717 Overview
CVE-2024-6717 is a path traversal vulnerability in HashiCorp Nomad and Nomad Enterprise. The flaw is in the archive unpacking routine that a destination client runs when an allocation's data is migrated to it from another node. A crafted archive can contain entries that escape the allocation directory, so the receiving client writes files to attacker-chosen locations on the host filesystem. HashiCorp tracks the issue as HCSEC-2024-15 and classifies it under CWE-610 (Externally Controlled Reference to a Resource in Another Sphere); the same archive-extraction pattern is more commonly catalogued as CWE-22 (Path Traversal).
The vulnerability affects Nomad and Nomad Enterprise versions 1.6.12 through 1.7.9, and 1.8.1. HashiCorp resolved the issue in 1.6.13, 1.7.10, and 1.8.2.
Critical Impact
An attacker who can get content into an allocation that Nomad later migrates, or who controls the client that serves the source archive, can write files outside the intended allocation directory on the destination client. Because Nomad clients usually run as root (most task drivers require it), those writes land with root privileges, giving high integrity impact on Nomad-managed hosts.
Affected Products
- HashiCorp Nomad versions 1.6.12 through 1.7.9
- HashiCorp Nomad version 1.8.1
- HashiCorp Nomad Enterprise (same version ranges)
Discovery Timeline
- 2024-07-23 - CVE-2024-6717 published to NVD
- 2026-01-02 - Last updated in NVD database
Technical Details for CVE-2024-6717
Vulnerability Analysis
Nomad can migrate an allocation's ephemeral disk data when a job is rescheduled onto a different client node; jobs opt in with migrate = true in the ephemeral_disk block. During migration the destination client receives an archive of the allocation directory from the source and unpacks it into its own Nomad data directory. The unpacking logic does not adequately validate entry paths within the archive: a crafted archive can contain entries with relative components such as ../ that resolve outside the target allocation directory.
When the destination Nomad client extracts such an archive, files are written to locations chosen by the attacker rather than being constrained to the allocation root. Since the client typically runs as root, the attacker can overwrite Nomad configuration, drop binaries into privileged paths, or corrupt files used by other workloads scheduled on the same node. The CVSS vector indicates a scope change, reflecting that the impact reaches resources outside the security boundary of the allocation sandbox.
Root Cause
The root cause is insufficient sanitization of archive member paths during migration unpacking. The code path that restores allocation state writes files using paths derived from archive entries without enforcing that the resolved destination remains inside the allocation directory. This is a classic archive extraction flaw, often referred to as Zip Slip or Tar Slip, and falls under CWE-610. A correct unpacker has to reject absolute member names and ".." components, and also refuse symlink members (or symlinked parent directories) that would redirect a later write out of the destination.
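The containment check described above, written here as an added Go example. This is not Nomad's own migration code and not the HCSEC-2024-15 patch: it is a stand-alone tar unpacker that rejects absolute names, ".." components, symlinks whose target leaves the destination, and writes whose on-disk parent resolves outside it. The names unpack, securePath, member and buildTar are chosen for this example, and the archives built in main are constructed fixtures.

```go
package main

import (
	"archive/tar"
	"bytes"
	"errors"
	"fmt"
	"io"
	"os"
	"path/filepath"
	"strings"
)

// ErrPathEscape marks any archive member that would land outside the destination.
var ErrPathEscape = errors.New("archive member escapes destination directory")

func contained(dir, p string) bool { // p is dir itself or lies beneath it
	return p == dir || strings.HasPrefix(p, dir+string(os.PathSeparator))
}

// securePath maps a member name onto dst, rejecting absolute names and ".." components that climb out.
func securePath(dst, name string) (string, error) {
	target := filepath.Join(dst, name) // Join cleans the path, so ".." is applied here
	if filepath.IsAbs(name) || !contained(dst, target) {
		return "", fmt.Errorf("%w: %q", ErrPathEscape, name)
	}
	return target, nil
}

// unpack extracts a tar stream into dst with containment enforced on every member.
func unpack(dst string, r io.Reader) error {
	abs, err := filepath.Abs(dst)
	if err == nil {
		dst, err = filepath.EvalSymlinks(abs) // dst itself must be symlink-free for the prefix checks
	}
	if err != nil {
		return err
	}
	tr := tar.NewReader(r)
	for {
		hdr, err := tr.Next()
		if err == io.EOF {
			return nil
		}
		if err != nil {
			return err
		}
		target, err := securePath(dst, hdr.Name)
		if err != nil {
			return err
		}
		parent := filepath.Dir(target) // resolve the parent on disk: a planted symlink must not redirect the write
		if err = os.MkdirAll(parent, 0o755); err == nil {
			parent, err = filepath.EvalSymlinks(parent)
		}
		if err != nil {
			return err
		}
		if !contained(dst, parent) {
			return fmt.Errorf("%w: parent of %q resolves to %q", ErrPathEscape, hdr.Name, parent)
		}
		switch hdr.Typeflag {
		case tar.TypeDir:
			err = os.MkdirAll(target, 0o755)
		case tar.TypeReg:
			var f *os.File
			if f, err = os.OpenFile(target, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, os.FileMode(hdr.Mode).Perm()); err == nil {
				_, err = io.Copy(f, tr)
				f.Close()
			}
		case tar.TypeSymlink: // a link whose target leaves dst would redirect later writes
			if filepath.IsAbs(hdr.Linkname) || !contained(dst, filepath.Join(parent, hdr.Linkname)) {
				return fmt.Errorf("%w: symlink %q -> %q", ErrPathEscape, hdr.Name, hdr.Linkname)
			}
			err = os.Symlink(hdr.Linkname, target)
		default:
			err = fmt.Errorf("unsupported member type %q for %q", hdr.Typeflag, hdr.Name)
		}
		if err != nil {
			return err
		}
	}
}

type member struct{ name, link, body string; typ byte } // constructed archive entry (fixtures only)

func buildTar(ms []member) []byte { // write errors ignored: inputs are fixed fixtures, not untrusted data
	var buf bytes.Buffer
	tw := tar.NewWriter(&buf)
	for _, m := range ms {
		tw.WriteHeader(&tar.Header{Name: m.name, Linkname: m.link, Typeflag: m.typ, Mode: 0o644, Size: int64(len(m.body))})
		tw.Write([]byte(m.body))
	}
	tw.Close()
	return buf.Bytes()
}

func main() {
	dst, _ := os.MkdirTemp("", "alloc-")
	defer os.RemoveAll(dst)
	bad := buildTar([]member{{name: "../../etc/cron.d/pwn", body: "* * * * * root id\n", typ: tar.TypeReg}})
	fmt.Println(unpack(dst, bytes.NewReader(bad))) // reports ErrPathEscape; nothing is written outside dst
}
```

The two checks are complementary: securePath catches textual traversal in the member name, and the resolved-parent check plus the symlink-target check stop the Tar Slip variant where an earlier member plants a link and a later member writes through it. The destination is passed through EvalSymlinks first so the prefix comparisons are made against a canonical path; without that, a data_dir that is itself a symlink (for example /var on macOS) would make every prefix check fail.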
Attack Vector
Exploitation requires the attacker to control the contents of an allocation that is then migrated to a target Nomad client. An adversary with the ability to submit jobs to a Nomad cluster, or who compromises a source node hosting an allocation slated for migration, can stage a malicious state directory. When Nomad triggers migration, the malicious archive is transmitted to the destination client and unpacked, writing attacker-controlled files outside the allocation directory.
No public proof-of-concept exploit has been published, and the issue is not listed in the CISA Known Exploited Vulnerabilities catalog. See the HashiCorp Security Advisory HCSEC-2024-15 for vendor technical details.
Detection Methods for CVE-2024-6717
Indicators of Compromise
- Files appearing in Nomad client data directories with paths that resolve outside the expected allocation root (for example, files written under /etc, /usr/local/bin, or the Nomad configuration directory shortly after a migration event).
- Unexpected modifications to Nomad client configuration files or service unit files following allocation migration activity.
- Archive members in migration payloads containing .. path traversal sequences. This is only observable where the migration stream itself can be inspected (for example in a lab cluster with TLS termination you control), since client-to-client transfers are normally encrypted.
Detection Strategies
- Inspect Nomad client logs for migration events and correlate with filesystem modification timestamps outside the allocation directory tree.
- Audit allocation directories for symbolic links or files whose canonical paths fall outside data_dir/alloc/<alloc-id>.
- Compare running Nomad client and host binaries against known-good hashes after migration operations.
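An audit for the second detection strategy above, written as an added Go example rather than a Nomad tool: it walks each allocation under data_dir/alloc and reports every symlink whose canonical target falls outside its own data_dir/alloc/<alloc-id> tree (including links into a sibling allocation) as well as dangling links, which can be the staged first half of an escape. The default path /opt/nomad/data/alloc in main is an assumption; pass the cluster's real data_dir/alloc as the first argument.

```go
package main

import (
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
	"strings"
)

// Finding is one entry under <data_dir>/alloc whose canonical location is not inside
// the allocation directory it was found in.
type Finding struct {
	Alloc string // allocation ID (directory name under the alloc root)
	Path  string // entry as found on disk
	Real  string // resolved target, empty for dangling links
	Why   string
}

func contained(dir, p string) bool { // p is dir itself or lies beneath it
	return p == dir || strings.HasPrefix(p, dir+string(os.PathSeparator))
}

// auditAllocRoot walks every <allocRoot>/<alloc-id> tree and reports symlinks whose
// resolved target lies outside that tree, plus dangling symlinks. Files already written
// elsewhere by a successful traversal are not visible here; file integrity monitoring
// on the host covers those.
func auditAllocRoot(allocRoot string) ([]Finding, error) {
	root, err := filepath.EvalSymlinks(allocRoot)
	if err != nil {
		return nil, err
	}
	entries, err := os.ReadDir(root)
	if err != nil {
		return nil, err
	}
	var findings []Finding
	for _, e := range entries {
		allocDir := filepath.Join(root, e.Name())
		if !e.IsDir() { // ReadDir does not follow symlinks, so a symlinked allocation dir lands here
			findings = append(findings, Finding{e.Name(), allocDir, "", "allocation entry is not a plain directory"})
			continue
		}
		walk := func(p string, d fs.DirEntry, err error) error {
			if err != nil || d.Type()&fs.ModeSymlink == 0 {
				return err
			}
			real, err := filepath.EvalSymlinks(p)
			switch {
			case err != nil:
				findings = append(findings, Finding{e.Name(), p, "", "dangling or unresolvable symlink"})
			case !contained(allocDir, real):
				findings = append(findings, Finding{e.Name(), p, real, "resolves outside allocation directory"})
			}
			return nil
		}
		if err := filepath.WalkDir(allocDir, walk); err != nil {
			return nil, err
		}
	}
	return findings, nil
}

func main() {
	root := "/opt/nomad/data/alloc" // assumed default data_dir; pass the real path as the first argument
	if len(os.Args) > 1 {
		root = os.Args[1]
	}
	findings, err := auditAllocRoot(root)
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(2)
	}
	for _, f := range findings {
		fmt.Printf("alloc=%s path=%s real=%s reason=%s\n", f.Alloc, f.Path, f.Real, f.Why)
	}
	if len(findings) > 0 {
		os.Exit(1)
	}
}
```

Links that stay inside their own allocation produce no finding, so links Nomad itself places within an allocation directory do not create noise. Run it as root on each client after a migration window and treat a non-zero exit as a trigger to pull the client's logs and the file-integrity record for the same period.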
Monitoring Recommendations
- Enable file integrity monitoring on Nomad client data directories, configuration paths, and system binary directories.
- Forward Nomad client and server logs to a centralized analytics platform and alert on migration RPCs followed by writes outside expected paths.
- Track Nomad version inventory across all servers and clients to confirm patched releases are deployed.
How to Mitigate CVE-2024-6717
Immediate Actions Required
- Upgrade Nomad and Nomad Enterprise to 1.6.13, 1.7.10, or 1.8.2 or later on all servers and clients.
- Restrict job submission to trusted principals using Nomad ACLs until upgrades are complete.
- Review recent migration events for evidence of out-of-bounds file writes and rebuild any client nodes that show signs of tampering.
Patch Information
HashiCorp released fixed versions 1.6.13, 1.7.10, and 1.8.2 that enforce path containment during archive unpacking. Detailed remediation guidance is available in the HashiCorp Security Advisory HCSEC-2024-15.
Workarounds
- Disable allocation data migration where operationally feasible until clients are patched: migrate = true in a job's ephemeral_disk block is what triggers the archive transfer, and it defaults to false.
- Limit who can submit jobs by tightening Nomad ACL policies and removing broad submit-job capabilities from untrusted namespaces.
- Run Nomad clients with the least privilege required and isolate them using OS-level mandatory access controls to limit the blast radius of out-of-bounds writes.
# Verify the installed Nomad version on this host and confirm it is patched
nomad version
# Minimum patched versions: 1.6.13, 1.7.10, 1.8.2
# Check every server (Build column) and every client (Version column) in the cluster
nomad server members
nomad node status -verbose
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.


