CVE-2024-10228 — Incorrect Permission Assignment in Vagrant

CWE-732 — Incorrect Permission Assignment2 documents2 sources

Severity

3.3LOWNVD

EPSS

0.0%

top 87.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Hashicorp Vagrant Hashicorp Vagrant Vmware Utility

Timeline

PublishedOct 29

Latest updateOct 30

Description

The Vagrant VMWare Utility Windows installer targeted a custom location with a non-protected path that could be modified by an unprivileged user, introducing potential for unauthorized file system writes. This vulnerability, CVE-2024-10228, was fixed in Vagrant VMWare Utility 1.0.23

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages2 packages

▶NVDhashicorp/vagrant_vmware_utility< 1.0.23

▶CVEListV5hashicorp/vagrant< 1.0.23

🔴Vulnerability Details

GHSA

GHSA-f8cq-cpqj-phg9: The Vagrant VMWare Utility Windows installer targeted a custom location with a non-protected path that could be modified by an unprivileged user, intr↗2024-10-30

▶