CVE-2022-42717
HIGH
Vagrant < 2.3.1 - Local Privilege Escalation via Sudoers Configuration
Description
An issue was discovered in Hashicorp Packer before 2.3.1. The recommended sudoers configuration for Vagrant on Linux is insecure. If the host has been configured according to this documentation, non-privileged users on the host can leverage a wildcard in the sudoers configuration to execute arbitrary commands as root.
References (3)
Core References
Vendor Advisory
https://discuss.hashicorp.com/t/hcsec-2022-23-vagrant-nfs-sudoers-configuration-allows-for-local-privilege-escalation/45423
Patch, Third Party Advisory
https://github.com/hashicorp/vagrant/pull/12910
Scores
CVSS v3
7.8
EPSS
0.0010
EPSS Percentile
26.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-284
Status
published
Products (1)
hashicorp/vagrant
< 2.3.1
Published
Oct 11, 2022
Tracked Since
Feb 18, 2026