CVE-2022-42717

7.8HIGH

Key Information

Vendor: Hashicorp
Status: Vagrant
Vendor: CVE Published:; 11 October 2022

Summary

An issue was discovered in Hashicorp Packer before 2.3.1. The recommended sudoers configuration for Vagrant on Linux is insecure. If the host has been configured according to this documentation, non-privileged users on the host can leverage a wildcard in the sudoers configuration to execute arbitrary commands as root.

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Oct 11, 2022
Vulnerability Reserved.
Oct 10, 2022

Collectors

NVD DatabaseMitre Database