GCVE - cpe:2.3:a:hashicorp:vagrant:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:hashicorp:vagrant:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Hashicorp (`dc524c16-6a01-528e-a41c-9d3e02e5e4a3`)
Product	Vagrant (`c8543415-ae17-576e-b482-4f58109cd3c8`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:github/hashicorp/vagrant-plugin-changelog`	purl2cpe	2026-06-01 10:14:57.584289

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-10228`	vulnerable	2026-06-03 14:54:05.153289	Vagrant VMWare Utility installation files vulnerable to modification by unprivileged user LOW (3.8) The Vagrant VMWare Utility Windows installer targeted a custom location with a non-protected path that could be modified by an unprivileged user, introducing potential for unauthorized file system writes. This vulnerability, CVE-2024-10228, was fixed in Vagrant VMWare Utility 1.0.23 Published: 2024-10-29T21:18:13.145Z Updated: 2024-10-30T13:25:02.816Z Open on db.gcve.eu Reference links https://discuss.hashicorp.com/t/hcsec-2024-25-vagrant-vmware-utility-installation-files-vulnerable-to-modification-by-unprivileged-user	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-5834`	vulnerable	2026-06-03 14:53:49.753856	Vagrant’s Windows Installer Allowed Directory Junction Write LOW (3.8) HashiCorp Vagrant's Windows installer targeted a custom location with a non-protected path that could be junctioned, introducing potential for unauthorized file system writes. Fixed in Vagrant 2.4.0. Published: 2023-10-27T21:06:38.680Z Updated: 2024-09-09T17:58:26.595Z Open on db.gcve.eu Reference links https://discuss.hashicorp.com/t/hcsec-2023-31-vagrant-s-windows-installer-allowed-directory-junction-write/59568	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-42717`	vulnerable	2026-06-03 14:48:12.823993	Details available An issue was discovered in Hashicorp Packer before 2.3.1. The recommended sudoers configuration for Vagrant on Linux is insecure. If the host has been configured according to this documentation, non-privileged users on the host can leverage a wildcard in the sudoers configuration to execute arbitrary commands as root. Published: 2022-10-11T00:00:00.000Z Updated: 2025-05-20T14:12:42.637Z Open on db.gcve.eu Reference links https://github.com/hashicorp/vagrant/pull/12910 https://www.vagrantup.com/docs/synced-folders/nfs https://discuss.hashicorp.com/t/hcsec-2022-23-vagrant-nfs-sudoers-configuration-allows-for-local-privilege-escalation/45423	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.