Lucene search
GoogleOSV:CVE-2023-5834HistoryOct 27, 2023 - 10:15 p.m.
CVE-2023-5834
2023-10-2722:15:09
Google
osv.dev
4
hashicorp vagrant
windows installer
vulnerability
fixed
unauthorized file system writes
junctioned
cve-2023-5834
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
7.1
Confidence
Low
EPSS
0
Percentile
9.0%
HashiCorp Vagrantβs Windows installer targeted a custom location with a non-protected path that could be junctioned, introducing potential for unauthorized file system writes. Fixed in Vagrant 2.4.0.
Related
cve
cve
CVE-2023-5834
2023-10-27 22:15:09
nvd
nvd
CVE-2023-5834
2023-10-27 22:15:09
osv
osv
cvelist
cvelist
CVE-2023-5834 Vagrantβs Windows Installer Allowed Directory Junction Write
2023-10-27 21:06:38
vulnrichment
vulnrichment
CVE-2023-5834 Vagrantβs Windows Installer Allowed Directory Junction Write
2023-10-27 21:06:38
prion
prion
Design/Logic Flaw
2023-10-27 22:15:00
github
github
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
7.1
Confidence
Low
EPSS
0
Percentile
9.0%
Related for OSV:CVE-2023-5834