415 matches found
Vagrant Synced Folder Vagrantfile Breakout
This module exploits a default Vagrant synced folder shared folder to append a Ruby payload to the Vagrant project Vagrantfile config file. By default, unless a Vagrant project explicitly disables shared folders, Vagrant mounts the project directory on the host as a writable 'vagrant' directory o...
Vagrant Synced Folder Vagrantfile Breakout
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Vagrant Synced Folder Vagrantfile Breakout', 'Description' = %q This module exploits a default Vagrant synced folder shared folder to append a Ru...
An issue was discovered in Hashicorp Packer before 2.3.1. The recommended sudoers configuration for Vagrant on Linux is insecure. If the host has been configured according to this documentation non-privileged users on the host can leverage a wildcard in the sudoers configuration to execute arbitrary commands as root.
...
Privilege Escalation
Overview Affected versions of this package are vulnerable to Privilege Escalation due to the recommended sudoers configuration for Vagrant on Linux being insecure. If the host has been configured according to this documentation, non-privileged users on the host can leverage a wildcard in the...
AZL-11115 CVE-2022-42717 affecting package packer for versions less than 1.8.7-1
An issue was discovered in Hashicorp Packer before 2.3.1. The recommended sudoers configuration for Vagrant on Linux is insecure. If the host has been configured according to this documentation, non-privileged users on the host can leverage a wildcard in the sudoers configuration to execute...
CVE-2022-42717
An issue was discovered in Hashicorp Packer before 2.3.1. The recommended sudoers configuration for Vagrant on Linux is insecure. If the host has been configured according to this documentation, non-privileged users on the host can leverage a wildcard in the sudoers configuration to execute...
UBUNTU-CVE-2022-42717
An issue was discovered in Hashicorp Packer before 2.3.1. The recommended sudoers configuration for Vagrant on Linux is insecure. If the host has been configured according to this documentation, non-privileged users on the host can leverage a wildcard in the sudoers configuration to execute...
CVE-2022-42717
CVE-2022-42717 affects Hashicorp Packer prior to 2.3.1. The issue is an insecure sudoers configuration for Vagrant on Linux, where a host configured per the documentation permits non-privileged users to exploit a wildcard in sudoers to execute commands as root. The data in connected sources confi...
CVE-2022-42717
An issue was discovered in Hashicorp Packer before 2.3.1. The recommended sudoers configuration for Vagrant on Linux is insecure. If the host has been configured according to this documentation, non-privileged users on the host can leverage a wildcard in the sudoers configuration to execute...
CVE-2022-42717
An issue was discovered in Hashicorp Packer before 2.3.1. The recommended sudoers configuration for Vagrant on Linux is insecure. If the host has been configured according to this documentation, non-privileged users on the host can leverage a wildcard in the sudoers configuration to execute...
CVE-2022-42717
An issue was discovered in Hashicorp Packer before 2.3.1. The recommended sudoers configuration for Vagrant on Linux is insecure. If the host has been configured according to this documentation, non-privileged users on the host can leverage a wildcard in the sudoers configuration to execute...
PT-2022-26517 · Hashicorp · Hashicorp Packer +1
Name of the Vulnerable Software and Affected Versions: Hashicorp Packer versions prior to 2.3.1 Description: An issue was discovered in the recommended sudoers configuration for Vagrant on Linux, which is insecure. Non-privileged users on the host can leverage a wildcard in the sudoers...
Vagrant NFS sudoers Configuration Allows for Local Privilege Escalation
Summary Optional sudoers configuration for Vagrant NFS shared folders allows for local privilege escalation Background The documentation associated with Vagrant’s NFS driver for Linux suggested configuring a Vagrant host with a specific sudoers configuration, which removed the need for vagrant...
crAPI - Completely Ridiculous API
c ompletely r idiculous API crAPI will help you to understand the ten most critical API security risks. crAPI is vulnerable by design, but you'll be able to safely run it to educate/train yourself. crAPI is modern, built on top of a microservices architecture. When time has come to buy your first...
CVE-2022-37009
In JetBrains IntelliJ IDEA before 2022.2 local code execution via a Vagrant executable was possible...
CVE-2022-37009
In JetBrains IntelliJ IDEA before 2022.2 local code execution via a Vagrant executable was possible...
Code injection
In JetBrains IntelliJ IDEA before 2022.2 local code execution via a Vagrant executable was possible...
CVE-2022-37009
In JetBrains IntelliJ IDEA before 2022.2 local code execution via a Vagrant executable was possible...
CVE-2022-37009
JetBrains IntelliJ IDEA prior to 2022.2 is affected by CVE-2022-37009, enabling local code execution through the Vagrant executable. The vulnerability description across sources consistently states that local code execution via Vagrant is possible in affected IntelliJ IDEA versions before 2022.2....
JetBrains IntelliJ IDEA 代码注入漏洞
Jetbrains JetBrains IntelliJ IDEA is a set of integrated development environments for the Java language from the Czech company Jetbrains. A security vulnerability exists in JetBrains IntelliJ IDEA 2022.2 and earlier versions, which stems from the possibility that an attacker could execute native...