CVE-2025-34075
- EPSS 0.02%
- Veröffentlicht 02.07.2025 19:26:01
- Zuletzt bearbeitet 16.07.2025 14:15:24
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Initially assigned to document an issues that allows guest VM to modify the host’s Vagrantfile via default synced folder, leading to host-side code execution...
CVE-2023-5834
- EPSS 0.08%
- Veröffentlicht 27.10.2023 22:15:09
- Zuletzt bearbeitet 21.11.2024 08:42:35
HashiCorp Vagrant's Windows installer targeted a custom location with a non-protected path that could be junctioned, introducing potential for unauthorized file system writes. Fixed in Vagrant 2.4.0.
CVE-2022-42717
- EPSS 0.06%
- Veröffentlicht 11.10.2022 23:15:10
- Zuletzt bearbeitet 20.05.2025 15:15:51
An issue was discovered in Hashicorp Packer before 2.3.1. The recommended sudoers configuration for Vagrant on Linux is insecure. If the host has been configured according to this documentation, non-privileged users on the host can leverage a wildcar...
CVE-2017-16777
- EPSS 0.09%
- Veröffentlicht 16.11.2017 15:29:00
- Zuletzt bearbeitet 20.04.2025 01:37:25
If HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.3 is installed but VMware Fusion is not, a local attacker can create a fake application directory and exploit the suid sudo helper in order to escalate to root.
CVE-2017-16001
- EPSS 0.09%
- Veröffentlicht 06.11.2017 17:29:00
- Zuletzt bearbeitet 20.04.2025 01:37:25
In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.1, a local attacker or malware can silently subvert the plugin update process in order to escalate to root privileges.