VYPR
Low severityNVD Advisory· Published Oct 27, 2023· Updated Sep 9, 2024

Vagrant’s Windows Installer Allowed Directory Junction Write

CVE-2023-5834

Description

HashiCorp Vagrant's Windows installer targeted a custom location with a non-protected path that could be junctioned, introducing potential for unauthorized file system writes. Fixed in Vagrant 2.4.0.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/hashicorp/vagrantGo
< 2.4.02.4.0

Affected products

2

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.