mirror of
https://github.com/kemko/nomad.git
synced 2026-01-01 16:05:42 +03:00
0f7b8698ec
Resolves symlink escape when unarchiving by removing existing paths within the same allocation directory which can occur by writing a header that points to a symlink that lives outside of the sandbox environment. This exploit requires first compromising the Nomad client agent at the source allocation. Ref: https://hashicorp.atlassian.net/browse/NET-10607 Ref: https://github.com/hashicorp/nomad-enterprise/pull/1725
4 lines
242 B
Plaintext
4 lines
242 B
Plaintext
```release-note:security
|
|
security: Fix symlink escape during unarchiving by removing existing paths within the same allocdir. Compromising the Nomad client agent at the source allocation first is a prerequisite for leveraging this issue.
|
|
```
|