The Vagrant VMWare Utility Windows installer targeted a custom location with a non-protected path that could be modified by an unprivileged user, introducing potential for unauthorized file system writes. This vulnerability, CVE-2024-10228, was fixed in Vagrant VMWare Utility 1.0.23
Metrics
Affected Vendors & Products
References
History
Thu, 07 Nov 2024 17:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Hashicorp
Hashicorp vagrant Vmware Utility |
|
CPEs | cpe:2.3:a:hashicorp:vagrant_vmware_utility:*:*:*:*:*:windows:*:* | |
Vendors & Products |
Hashicorp
Hashicorp vagrant Vmware Utility |
Wed, 30 Oct 2024 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Tue, 29 Oct 2024 21:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The Vagrant VMWare Utility Windows installer targeted a custom location with a non-protected path that could be modified by an unprivileged user, introducing potential for unauthorized file system writes. This vulnerability, CVE-2024-10228, was fixed in Vagrant VMWare Utility 1.0.23 | |
Title | Vagrant VMWare Utility installation files vulnerable to modification by unprivileged user | |
Weaknesses | CWE-732 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: HashiCorp
Published: 2024-10-29T21:18:13.145Z
Updated: 2024-10-30T13:25:02.816Z
Reserved: 2024-10-22T00:11:00.338Z
Link: CVE-2024-10228
Vulnrichment
Updated: 2024-10-30T13:24:59.150Z
NVD
Status : Analyzed
Published: 2024-10-29T22:15:03.220
Modified: 2024-11-07T17:12:45.750
Link: CVE-2024-10228
Redhat
No data.