Hashicorp: >> Vagrant Vmware Fusion >> 3.1.2 Security Vulnerabilities
An insecure suid wrapper binary in the HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 4.0.24 and earlier allows a non-root user to obtain a root shell.
CVSS Score
7.8
EPSS Score
0.004
Published
2017-10-19
HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.24 uses weak permissions for the sudo helper scripts, allows local users to execute arbitrary code with root privileges by overwriting one of the scripts.
CVSS Score
8.8
EPSS Score
0.003
Published
2017-08-08
The sudo helper in the HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.21 allows local users to gain root privileges by leveraging failure to verify the path to the encoded ruby script or scrub the PATH variable.
CVSS Score
7.8
EPSS Score
0.004
Published
2017-08-02