Low severityNVD Advisory· Published Oct 27, 2023· Updated Sep 9, 2024
Vagrant’s Windows Installer Allowed Directory Junction Write
CVE-2023-5834
Description
HashiCorp Vagrant's Windows installer targeted a custom location with a non-protected path that could be junctioned, introducing potential for unauthorized file system writes. Fixed in Vagrant 2.4.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/hashicorp/vagrantGo | < 2.4.0 | 2.4.0 |
Affected products
2Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.