Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vagrant vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2021-21361
The `com.bmuschko:gradle-vagrant-plugin` Gradle plugin contains an information disclosure vulnerability due to the logging of the system environment variables. When this Gradle plugin is executed in public CI/CD, this can lead to sensitive credentials being exposed to malicious a...
Vagrant Project Vagrant
7.8
CVSSv3
CVE-2023-5834
HashiCorp Vagrant's Windows installer targeted a custom location with a non-protected path that could be junctioned, introducing potential for unauthorized file system writes. Fixed in Vagrant 2.4.0.
Hashicorp Vagrant
7.8
CVSSv3
CVE-2022-42717
An issue exists in Hashicorp Packer prior to 2.3.1. The recommended sudoers configuration for Vagrant on Linux is insecure. If the host has been configured according to this documentation, non-privileged users on the host can leverage a wildcard in the sudoers configuration to ex...
Hashicorp Vagrant
7.8
CVSSv3
CVE-2017-16777
If HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.3 is installed but VMware Fusion is not, a local attacker can create a fake application directory and exploit the suid sudo helper in order to escalate to root.
Hashicorp Vagrant 5.0.3
1 EDB exploit
7.8
CVSSv3
CVE-2017-16001
In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.1, a local attacker or malware can silently subvert the plugin update process in order to escalate to root privileges.
Hashicorp Vagrant 5.0.1
1 EDB exploit
7.8
CVSSv3
CVE-2017-16512
The vagrant update process in Hashicorp vagrant-vmware-fusion 5.0.2 up to and including 5.0.4 allows local users to steal root privileges via a crafted update request when no updates are available.
Hashicorp Vagrant Vmware Fusion
7.8
CVSSv3
CVE-2017-12579
An insecure suid wrapper binary in the HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 4.0.24 and previous versions allows a non-root user to obtain a root shell.
Hashicorp Vagrant Vmware Fusion
1 EDB exploit
7.8
CVSSv3
CVE-2017-16873
It is possible to exploit an unsanitized PATH in the suid binary that ships with vagrant-vmware-fusion 4.0.25 up to and including 5.0.4 in order to escalate to root privileges.
Hashicorp Vagrant Vmware Fusion
8.8
CVSSv3
CVE-2017-11741
HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) prior to 4.0.24 uses weak permissions for the sudo helper scripts, allows local users to execute arbitrary code with root privileges by overwriting one of the scripts.
Hashicorp Vagrant Vmware Fusion
1 EDB exploit
7.8
CVSSv3
CVE-2017-7642
The sudo helper in the HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) prior to 4.0.21 allows local users to gain root privileges by leveraging failure to verify the path to the encoded ruby script or scrub the PATH variable.
Hashicorp Vagrant Vmware Fusion
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »