This page lists publicly disclosed CVE vulnerabilities affecting HashiCorp Vagrant (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.

| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2023-5834 | HashiCorp Vagrant's Windows installer targeted a custom location with a non-protected path that could be junctioned, introducing potential for unauthorized file system writes. Fixed in Vagrant 2.4.0. | [email protected] | 3.8 | 0.22% | 2023-10-27 | 2024-11-21 |
| CVE-2022-42717 | An issue was discovered in HashiCorp Packer before 2.3.1. The recommended sudoers configuration for Vagrant on Linux is insecure. If the host has been configured according to this documentation, non-privileged users on the host can leverage a wildcard in the sudoers configuration to execute arbitrary commands as root. | [email protected] | 7.8 | 0.23% | 2022-10-11 | 2025-05-20 |
| CVE-2017-16777 | If HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.3 is installed but VMware Fusion is not, a local attacker can create a fake application directory and exploit the suid sudo helper in order to escalate to root. | [email protected] | 7.8 | 0.98% | 2017-11-16 | 2026-05-13 |
| CVE-2017-16001 | In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.1, a local attacker or malware can silently subvert the plugin update process in order to escalate to root privileges. | [email protected] | 7.8 | 0.93% | 2017-11-06 | 2026-05-13 |