PT-2023-32366 · Hashicorp · Hashicorp Vagrant
Published: 2023-10-27 · Updated: 2023-11-13 · CVE-2023-5834
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
HashiCorp Vagrant versions prior to 2.4.0
Description
HashiCorp Vagrant's Windows installer targeted a custom location with a non-protected path that could be junctioned, that is, redirected through an NTFS junction to another directory. This introduced the potential for unauthorized file system writes.
Recommendations
For versions prior to 2.4.0, update to Vagrant 2.4.0 to resolve the issue. As a temporary workaround, consider restricting access to the custom location targeted by the Windows installer to minimize the risk of exploitation.
Fix
Insecure Operation on Windows Junction
Link Following
Related Identifiers
Affected Products
Hashicorp Vagrant