Описание
The sudo helper in the HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.21 allows local users to gain root privileges by leveraging failure to verify the path to the encoded ruby script or scrub the PATH variable.
Ссылки
- ExploitMailing ListThird Party Advisory
- Release NotesThird Party Advisory
- ExploitThird Party Advisory
- Third Party AdvisoryVDB Entry
- ExploitMailing ListThird Party Advisory
- Release NotesThird Party Advisory
- ExploitThird Party Advisory
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1Версия до 4.0.20 (включая)
cpe:2.3:a:hashicorp:vagrant_vmware_fusion:*:*:*:*:*:*:*:*
EPSS
Процентиль: 59%
0.00385
Низкий
7.8 High
CVSS3
7.2 High
CVSS2
Дефекты
CWE-426
Связанные уязвимости
CVSS3: 7.8
github
больше 3 лет назад
The sudo helper in the HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.21 allows local users to gain root privileges by leveraging failure to verify the path to the encoded ruby script or scrub the PATH variable.
EPSS
Процентиль: 59%
0.00385
Низкий
7.8 High
CVSS3
7.2 High
CVSS2
Дефекты
CWE-426