Filtered by vendor Hashicorp Subscriptions
Filtered by product Vagrant Subscriptions
Total 4 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-5834 1 Hashicorp 1 Vagrant 2024-11-21 3.8 Low
HashiCorp Vagrant's Windows installer targeted a custom location with a non-protected path that could be junctioned, introducing potential for unauthorized file system writes. Fixed in Vagrant 2.4.0.
CVE-2022-42717 2 Hashicorp, Linux 2 Vagrant, Linux Kernel 2024-11-21 7.8 High
An issue was discovered in Hashicorp Packer before 2.3.1. The recommended sudoers configuration for Vagrant on Linux is insecure. If the host has been configured according to this documentation, non-privileged users on the host can leverage a wildcard in the sudoers configuration to execute arbitrary commands as root.
CVE-2017-16777 1 Hashicorp 1 Vagrant 2024-11-21 N/A
If HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.3 is installed but VMware Fusion is not, a local attacker can create a fake application directory and exploit the suid sudo helper in order to escalate to root.
CVE-2017-16001 1 Hashicorp 1 Vagrant 2024-11-21 N/A
In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.1, a local attacker or malware can silently subvert the plugin update process in order to escalate to root privileges.