CVSS: 3.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10228 – Vagrant VMWare Utility installation files vulnerable to modification by unprivileged user
https://notcve.org/view.php?id=CVE-2024-10228
29 Oct 2024 — The Vagrant VMWare Utility Windows installer targeted a custom location with a non-protected path that could be modified by an unprivileged user, introducing potential for unauthorized file system writes. This vulnerability, CVE-2024-10228, was fixed in Vagrant VMWare Utility 1.0.23 El instalador de Windows de Vagrant VMWare Utility apuntaba a una ubicación personalizada con una ruta no protegida que podía ser modificada por un usuario sin privilegios, lo que generaba la posibilidad de escrituras no autoriz... • https://discuss.hashicorp.com/t/hcsec-2024-25-vagrant-vmware-utility-installation-files-vulnerable-to-modification-by-unprivileged-user • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5834 – Vagrant’s Windows Installer Allowed Directory Junction Write
https://notcve.org/view.php?id=CVE-2023-5834
27 Oct 2023 — HashiCorp Vagrant's Windows installer targeted a custom location with a non-protected path that could be junctioned, introducing potential for unauthorized file system writes. Fixed in Vagrant 2.4.0. El instalador HashiCorp Vagrant de Windows apuntó a una ubicación personalizada con una ruta no protegida que podía unirse, lo que introdujo la posibilidad de escrituras no autorizadas en el sistema de archivos. Corregido en Vagrant 2.4.0. • https://discuss.hashicorp.com/t/hcsec-2023-31-vagrant-s-windows-installer-allowed-directory-junction-write/59568 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-1386: Insecure Operation on Windows Junction / Mount Point •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-42717
https://notcve.org/view.php?id=CVE-2022-42717
11 Oct 2022 — An issue was discovered in Hashicorp Packer before 2.3.1. The recommended sudoers configuration for Vagrant on Linux is insecure. If the host has been configured according to this documentation, non-privileged users on the host can leverage a wildcard in the sudoers configuration to execute arbitrary commands as root. Se ha detectado un problema en Hashicorp Packer versiones anteriores a 2.3.1. La configuración de sudoers recomendada para Vagrant en Linux es insegura. • https://discuss.hashicorp.com/t/hcsec-2022-23-vagrant-nfs-sudoers-configuration-allows-for-local-privilege-escalation/45423 •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 2CVE-2021-21361 – Sensitive information disclosure via log in com.bmuschko:gradle-vagrant-plugin
https://notcve.org/view.php?id=CVE-2021-21361
09 Mar 2021 — The `com.bmuschko:gradle-vagrant-plugin` Gradle plugin contains an information disclosure vulnerability due to the logging of the system environment variables. When this Gradle plugin is executed in public CI/CD, this can lead to sensitive credentials being exposed to malicious actors. This is fixed in version 3.0.0. El plugin de Gradle "com.bmuschko: gradle-vagrant-plugin" contiene una vulnerabilidad de divulgación de información debido al registro de las variables de entorno del sistema. Cuando este ... • https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-jpcm-4485-69p7 • CWE-532: Insertion of Sensitive Information into Log File •