Headline
GHSA-47xw-vw6m-w9fq: HashiCorp Vagrant Insecure Operation on Windows Junction / Mount Point vulnerability
HashiCorp Vagrant’s Windows installer targeted a custom location with a non-protected path that could be junctioned, introducing potential for unauthorized file system writes. Fixed in Vagrant 2.4.0.
HashiCorp Vagrant Insecure Operation on Windows Junction / Mount Point vulnerability
Low severity GitHub Reviewed Published Oct 28, 2023 to the GitHub Advisory Database • Updated Oct 31, 2023
Related news
CVE-2023-5834: HCSEC-2023-31 - Vagrant’s Windows Installer Allowed Directory Junction Write
HashiCorp Vagrant's Windows installer targeted a custom location with a non-protected path that could be junctioned, introducing potential for unauthorized file system writes. Fixed in Vagrant 2.4.0.