The Vagrant VMWare Utility Windows installer targeted a custom location with a non-protected path that could be modified by an unprivileged user, introducing potential for unauthorized file system writes. This vulnerability, CVE-2024-10228, was fixed in Vagrant VMWare Utility 1.0.23
References
Configurations
History
07 Nov 2024, 17:12
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 3.3 |
First Time |
Hashicorp
Hashicorp vagrant Vmware Utility |
|
CPE | cpe:2.3:a:hashicorp:vagrant_vmware_utility:*:*:*:*:*:windows:*:* | |
References | () https://discuss.hashicorp.com/t/hcsec-2024-25-vagrant-vmware-utility-installation-files-vulnerable-to-modification-by-unprivileged-user - Vendor Advisory |
01 Nov 2024, 12:57
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
29 Oct 2024, 22:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-29 22:15
Updated : 2024-11-07 17:12
NVD link : CVE-2024-10228
Mitre link : CVE-2024-10228
CVE.ORG link : CVE-2024-10228
JSON object : View
Products Affected
hashicorp
- vagrant_vmware_utility
CWE
CWE-732
Incorrect Permission Assignment for Critical Resource