Nomad 1.7.4 security update

CVE-2024-1329 - Arbitrary Write Through Symlink Attack

Nomad 1.7.4 and Nomad Enterprise 1.7.4 have been released with an important security update, as well as backports to Nomad and Nomad Enterprise 1.6.7 and 1.5.14.

A bug was discovered in Nomad’s template rendering that allows a malicious or compromised task to cause the template renderer to write to arbitrary files on the host as the Nomad client user (typically root) by using a symlink to bypass safety checks done in the client. All versions of Nomad and Nomad Enterprise are impacted.

To protect Nomad client hosts from this attack, Nomad now reads template sources and writes template destination files in a sandboxed subprocess.


Users should upgrade Nomad to v1.7.4, 1.6.7, or 1.5.15. Upgrading the Nomad clients is sufficient to mitigate the bug, although we recommend keeping Nomad servers and clients on the same version. The mitigation for this can be deactivated by setting client.disable_file_sandbox=true on Nomad client configuration.

This remediation does not protect raw_exec tasks on Windows, which have unrestricted access to the host. The Nomad team strongly recommends against allowing raw_exec tasks with untrusted workloads.

Users on Windows who are running Windows containers with the docker task driver can further protect their clients against this attack by ensuring that Docker containers do not run as the default ContainerAdministrator user, but instead run as the ContainerUser user (which cannot create symlinks).

Other Fixes

  • This security release includes two other security-related fixes:
  • Nomad’s runc library has been updated to 1.1.12, which was released to mitigate CVE-2024-21626. Although Nomad itself is not vulnerable to this bug, this will eliminate false positives on vulnerability scanners.
  • A bug was fixed in allocation directory migration. The Nomad client did not check that any symlinks in the archive pointed outside the allocation directory. While task driver sandboxing will protect against processes inside the task from reading/writing through the symlink, this doesn’t protect against the client itself from performing unintended operations outside the sandbox, such as the template-based attack described above.