Unrated severityNVD Advisory· Published Oct 11, 2022· Updated May 20, 2025

CVE-2022-42717

Description

An issue was discovered in Hashicorp Packer before 2.3.1. The recommended sudoers configuration for Vagrant on Linux is insecure. If the host has been configured according to this documentation, non-privileged users on the host can leverage a wildcard in the sudoers configuration to execute arbitrary commands as root.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Hashicorp/Packerdescription
Hashicorp/Packerllm-create
Range: <2.3.1
Hashicorp/Vagrantllm-fuzzy

Patches

Vulnerability mechanics

References

discuss.hashicorp.com/t/hcsec-2022-23-vagrant-nfs-sudoers-configuration-allows-for-local-privilege-escalation/45423mitre
github.com/hashicorp/vagrant/pull/12910mitre
www.vagrantup.com/docs/synced-folders/nfsmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000