Hashicorp: >> Vagrant >> 0.3.0 Security Vulnerabilities
HashiCorp Vagrant's Windows installer targeted a custom location with a non-protected path that could be junctioned, introducing potential for unauthorized file system writes. Fixed in Vagrant 2.4.0.
CVSS Score
3.8
EPSS Score
0.001
Published
2023-10-27
An issue was discovered in Hashicorp Packer before 2.3.1. The recommended sudoers configuration for Vagrant on Linux is insecure. If the host has been configured according to this documentation, non-privileged users on the host can leverage a wildcard in the sudoers configuration to execute arbitrary commands as root.
CVSS Score
7.8
EPSS Score
0.001
Published
2022-10-11