CVE-2023-5834 LOW

CVE-2023-5834: Vagrant’s Windows Installer Allowed Directory Junction Write

Vendor Hashicorp
Product Vagrant
Weakness CWE-1386
Published October 27, 2023
Last update September 9, 2024

CVSS base score

3.8/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

What the vulnerability does

01Description

HashiCorp Vagrant's Windows installer targeted a custom location with a non-protected path that could be junctioned, introducing potential for unauthorized file system writes. Fixed in Vagrant 2.4.0.

Key dates

02Disclosure timeline

October 27, 2023 CVE published
September 9, 2024 Record updated