We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-10228

Vagrant VMWare Utility installation files vulnerable to modification by unprivileged user



Description

The Vagrant VMWare Utility Windows installer targeted a custom location with a non-protected path that could be modified by an unprivileged user, introducing potential for unauthorized file system writes. This vulnerability, CVE-2024-10228, was fixed in Vagrant VMWare Utility 1.0.23

Reserved 2024-10-22 | Published 2024-10-29 | Updated 2024-10-30 | Assigner HashiCorp


LOW: 3.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

Problem types

CWE-732: Incorrect Permission Assignment for Critical Resource

Product status

Default status
unaffected

Any version before 1.0.23
affected

References

discuss.hashicorp.com/...o-modification-by-unprivileged-user

cve.org (CVE-2024-10228)

nvd.nist.gov (CVE-2024-10228)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-10228

Support options

Helpdesk Chat, Email, Knowledgebase
Telegram Chat
Subscribe to our newsletter to learn more about our work.