CVE-2017-7642

Published August 2nd, 2017

View on NVD ↗

CVSS v3

N/A

CVSS v2

7.2

HIGH

Affected

PROJECT

Description

The sudo helper in the HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.21 allows local users to gain root privileges by leveraging failure to verify the path to the encoded ruby script or scrub the PATH variable.

hashicorp/vagrant-plugin-changelog

This is the CHANGELOG for `vagrant-share`, `vagrant-login` and `vagrant-vmware-*`.

GitHub