CVE-2022-42717: Improper Access Control in Vagrant

Severity
7.8 HIGH (NVD)
OSV 7.5
EPSS
0.1%
top 73.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Oct 11
Latest update Sep 14

Description

An issue was discovered in Hashicorp Packer before 2.3.1. The recommended sudoers configuration for Vagrant on Linux is insecure. If the host has been configured according to this documentation, non-privileged users on the host can leverage a wildcard in the sudoers configuration to execute arbitrary commands as root.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages: 2 packages

Patches

🔴Vulnerability Details

3
OSV
modsecurity-apache vulnerabilities (2023-09-14)
GHSA
GHSA-mc87-5qgf-5qvj: An issue was discovered in Hashicorp Packer before 2 (2022-10-12)
OSV
CVE-2022-42717: An issue was discovered in Hashicorp Packer before 2 (2022-10-11)

📋Vendor Advisories

1
Microsoft
An issue was discovered in Hashicorp Packer before 2.3.1. The recommended sudoers configuration for Vagrant on Linux is insecure. If the host has been configured according to this documentation non-pr (2022-10-11)