exploitDog

GHSA-fgv7-f23j-2rj6

Опубликовано: 13 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 7.8

Описание

If HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.3 is installed but VMware Fusion is not, a local attacker can create a fake application directory and exploit the suid sudo helper in order to escalate to root.

If HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.3 is installed but VMware Fusion is not, a local attacker can create a fake application directory and exploit the suid sudo helper in order to escalate to root.

Ссылки

EPSS

Процентиль: 26%

0.00089

Низкий

7.8 High

CVSS3

CVE ID

Дефекты

CWE-427

Связанные уязвимости

CVE-2017-16777

CVSS3: 7.8

nvd

около 8 лет назад

If HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.3 is installed but VMware Fusion is not, a local attacker can create a fake application directory and exploit the suid sudo helper in order to escalate to root.

EPSS

Процентиль: 26%

0.00089

Низкий

7.8 High

CVSS3

CVE ID

Дефекты

CWE-427