📦

vagrant

Vendor: hashicorp

Actively Exploited 0 CISA KEV List

PoC / Exploits 2 Code Available

Total RCEs 1 Remote Access

Total CVEs 36 Total Indexed

Avg. EPSS 0.09% Exploit Prob.

Latest CVE CVE-2023-5834 Oct 27

Security Vulnerability Index

Page 1 / 4

3.8 CVSS

CVE-2023-5834

HashiCorp Vagrant's Windows installer targeted a custom location with a non-protected path that could be junctioned, introducing potential for unauthorized file system writes. Fixed in Vagrant 2.4.0.

EPSS: 0.08%

Severity: LOW

Oct 27, 2023

7.8 CVSS

CVE-2022-42717

RCE

An issue was discovered in Hashicorp Packer before 2.3.1. The recommended sudoers configuration for Vagrant on Linux is insecure. If the host has been configured according to this documentation, non-privileged users on the host can leverage a wildcard in the sudoers configuration to execute arbitrary commands as root.

EPSS: 0.10%

Severity: HIGH

Oct 11, 2022

7.8 CVSS

CVE-2017-16777

Exploit Found

If HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.3 is installed but VMware Fusion is not, a local attacker can create a fake application directory and exploit the suid sudo helper in order to escalate to root.

EPSS: 0.09%

Severity: HIGH

Nov 16, 2017

7.8 CVSS

CVE-2017-16001

Exploit Found

In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.1, a local attacker or malware can silently subvert the plugin update process in order to escalate to root privileges.

EPSS: 0.09%

Severity: HIGH

Nov 06, 2017

Displaying 4 of 36 Total Entries

1 2 3 4

Total 4 Sections