VYPR

Vagrant

by Hashicorp

gem: vagrant

Source repositories

CVEs (5)

  • CVE-2017-16777HigNov 16, 2017
    risk 0.54cvss 7.8epss 0.01

    If HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.3 is installed but VMware Fusion is not, a local attacker can create a fake application directory and exploit the suid sudo helper in order to escalate to root.

  • CVE-2017-16001HigNov 6, 2017
    risk 0.54cvss 7.8epss 0.01

    In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.1, a local attacker or malware can silently subvert the plugin update process in order to escalate to root privileges.

  • CVE-2024-10228Oct 29, 2024
    risk 0.00cvss epss 0.00

    The Vagrant VMWare Utility Windows installer targeted a custom location with a non-protected path that could be modified by an unprivileged user, introducing potential for unauthorized file system writes. This vulnerability, CVE-2024-10228, was fixed in Vagrant VMWare Utility…

  • CVE-2023-5834Oct 27, 2023
    risk 0.00cvss epss 0.00

    HashiCorp Vagrant's Windows installer targeted a custom location with a non-protected path that could be junctioned, introducing potential for unauthorized file system writes. Fixed in Vagrant 2.4.0.

  • CVE-2022-42717Oct 11, 2022
    risk 0.00cvss epss 0.00

    An issue was discovered in Hashicorp Packer before 2.3.1. The recommended sudoers configuration for Vagrant on Linux is insecure. If the host has been configured according to this documentation, non-privileged users on the host can leverage a wildcard in the sudoers…