CVE-2024-10228

The Vagrant VMWare Utility Windows installer targeted a custom location with a non-protected path that could be modified by an unprivileged user, introducing potential for unauthorized file system writes. This vulnerability, CVE-2024-10228, was fixed in Vagrant VMWare Utility 1.0.23
Configurations

Configuration 1 (hide)

cpe:2.3:a:hashicorp:vagrant_vmware_utility:*:*:*:*:*:windows:*:*

History

07 Nov 2024, 17:12

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 3.8
v2 : unknown
v3 : 3.3
First Time Hashicorp
Hashicorp vagrant Vmware Utility
CPE cpe:2.3:a:hashicorp:vagrant_vmware_utility:*:*:*:*:*:windows:*:*
References () https://discuss.hashicorp.com/t/hcsec-2024-25-vagrant-vmware-utility-installation-files-vulnerable-to-modification-by-unprivileged-user - () https://discuss.hashicorp.com/t/hcsec-2024-25-vagrant-vmware-utility-installation-files-vulnerable-to-modification-by-unprivileged-user - Vendor Advisory

01 Nov 2024, 12:57

Type Values Removed Values Added
Summary
  • (es) El instalador de Windows de Vagrant VMWare Utility apuntaba a una ubicación personalizada con una ruta no protegida que podía ser modificada por un usuario sin privilegios, lo que generaba la posibilidad de escrituras no autorizadas en el sistema de archivos. Esta vulnerabilidad, CVE-2024-10228, se corrigió en Vagrant VMWare Utility 1.0.23

29 Oct 2024, 22:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-29 22:15

Updated : 2024-11-07 17:12


NVD link : CVE-2024-10228

Mitre link : CVE-2024-10228

CVE.ORG link : CVE-2024-10228


JSON object : View

Products Affected

hashicorp

  • vagrant_vmware_utility
CWE
CWE-732

Incorrect Permission Assignment for Critical Resource