In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.1, a local attacker or malware can silently subvert the plugin update process in order to escalate to root privileges.
CVSS Vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HHashicorp Vagrant
APPHashicorp5.0.1
π΅
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
Related vulnerabilities
CVE-2022-42717HIGH7.8ten sam produkt
An issue was discovered in Hashicorp Packer before 2.3.1. The recommended sudoers configuration for Vagrant on...
CVE-2017-16777HIGH7.8ten sam produkt
If HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.3 is installed but VMware Fusion is ...
CVE-2023-5834LOW3.8ten sam produkt
HashiCorp Vagrant's Windows installer targeted a custom location with a non-protected path that could be junct...
CVE-2025-6000CRITICAL9.1PL βten sam vendor
HashiCorp Vault: RCE przez uprzywilejowanego operatora via sys/audit
CVE-2024-3817CRITICAL9.8PL βten sam vendor
HashiCorp go-getter: argument injection przy odkrywaniu zdalnych gaΕΔzi Git