CVE Vulnerability

CVE-2022-42717

An issue was discovered in Hashicorp Packer before 2.3.1. The recommended sudoers configuration for Vagrant on Linux is insecure. If the host has been configured according to this documentation, non-privileged users on the host can leverage a wildcard in the sudoers configuration to execute arbitrary commands as root.

7.8 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://discuss.hashicorp.com/t/hcsec-2022-23-vagrant-nfs-sudoers-configuration-allows-for-local-privilege-escalation/45423 Vendor Advisory
https://github.com/hashicorp/vagrant/pull/12910 Patch Third Party Advisory
https://www.vagrantup.com/docs/synced-folders/nfs Product
Configurations

Configuration 1
Information

Published : 2022-10-11 11:15

Updated : 2022-10-18 06:00

NVD link : CVE-2022-42717

Mitre link : CVE-2022-42717

Products Affected

Hashicorp

Vagrant

CWE
CWE-269