UBUNTU-CVE-2022-41606

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2022-41606

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-41606.json

JSON Data

https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2022-41606

Upstream

CVE-2022-41606

Published

2022-10-12T00:15:00Z

Modified

2025-07-16T07:56:55.848161Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Ubuntu - low

Summary

[none]

Details

HashiCorp Nomad and Nomad Enterprise 1.0.2 up to 1.2.12, and 1.3.5 jobs submitted with an artifact stanza using invalid S3 or GCS URLs can be used to crash client agents. Fixed in 1.2.13, 1.3.6, and 1.4.0.

References

Affected packages

Ubuntu:Pro:18.04:LTS / nomad

Package

Name: nomad
Purl: pkg:deb/ubuntu/nomad@0.4.0+dfsg-1?arch=source&distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.4.0+dfsg-1

Ubuntu:Pro:20.04:LTS / nomad

Package

Name: nomad
Purl: pkg:deb/ubuntu/nomad@0.8.7+dfsg1-1ubuntu1?arch=source&distro=esm-apps/focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.8.7+dfsg1-1ubuntu1