Vagrant 2.4.0: Windows Installer Junction Path Traversal
CVE-2023-5834 Published on October 27, 2023

Vagrant’s Windows Installer Allowed Directory Junction Write
HashiCorp Vagrant's Windows installer targeted a custom location with a non-protected path that could be junctioned, introducing potential for unauthorized file system writes. Fixed in Vagrant 2.4.0.

NVD

Vulnerability Analysis

CVE-2023-5834 is exploitable with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, with no impact on integrity, and no impact on availability.

Attack Vector:

LOCAL

Attack Complexity:

LOW

Privileges Required:

LOW

User Interaction:

NONE

Scope:

CHANGED

Confidentiality Impact:

NONE

Integrity Impact:

LOW

Availability Impact:

NONE

Weakness Type

CWE-1386

Products Associated with CVE-2023-5834

Want to know whenever a new CVE is published for HashiCorp Vagrant? stack.watch will email you.

HashiCorp Vagrant

Affected Versions

HashiCorp Vagrant:

Version * and below 2.4.0 is affected.

Exploit Probability

EPSS

0.08%

Percentile

24.32%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Vagrant 2.4.0: Windows Installer Junction Path TraversalCVE-2023-5834 Published on October 27, 2023

Vulnerability Analysis

Weakness Type

Products Associated with CVE-2023-5834

Affected Versions

Exploit Probability

Vagrant 2.4.0: Windows Installer Junction Path Traversal
CVE-2023-5834 Published on October 27, 2023