Lucene search

HashiCorpVULNRICHMENT:CVE-2023-5834

HistoryOct 27, 2023 - 9:06 p.m.

CVE-2023-5834 Vagrant’s Windows Installer Allowed Directory Junction Write

2023-10-2721:06:38

CWE-1386

HashiCorp

github.com

cve-2023-5834

vagrant

windows installer

directory junction write

hashicorp

unauthorized file system writes

fixed

CVSS3

3.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

AI Score

6.8

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

HashiCorp Vagrant’s Windows installer targeted a custom location with a non-protected path that could be junctioned, introducing potential for unauthorized file system writes. Fixed in Vagrant 2.4.0.

References

discuss.hashicorp.com/t/hcsec-2023-31-vagrant-s-windows-installer-allowed-directory-junction-write/59568

CVSS3

3.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

AI Score

6.8

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2023-5834