CVE-2023-5834

HIGH Year: 2023
CVSS v3 Score
7.8
High
Weakness Type
CWE-1386
View all →

Vulnerability Description

HashiCorp Vagrant's Windows installer targeted a custom location with a non-protected path that could be junctioned, introducing potential for unauthorized file system writes. Fixed in Vagrant 2.4.0.

Related Vulnerabilities

CVE-2023-28065

HIGH
CVSS:7.3(High)

Dell Command | Update, Dell Update, and Alienware Update versions 4.8.0 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentiall...

CWE-13862023

CVE-2023-23698

HIGH
CVSS:7.1(High)

Dell Command | Update, Dell Update, and Alienware Update versions before 4.6.0 and 4.7.1 contain Insecure Operation on Windows Junction in the installer component. A local malicious user may potential...

CWE-13862023

CVE-2023-28071

HIGH
CVSS:7.1(High)

Dell Command | Update, Dell Update, and Alienware Update versions 4.9.0, A01 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could poten...

CWE-13862023

CVE-2023-32454

HIGH
CVSS:7.1(High)

DUP framework version 4.9.4.36 and prior contains insecure operation on Windows junction/Mount point vulnerability. A local malicious standard user could exploit the vulnerability to create arbitrary ...

CWE-13862023

CVE-2023-40623

HIGH
CVSS:7.1(High)

SAP BusinessObjects Suite Installer - version 420, 430, allows an attacker within the network to create a directory under temporary directory and link it to a directory with operating system files. On...

CWE-13862023

CVE-2023-32474

MEDIUM
CVSS:6.6(Medium)

Dell Display Manager application, version 2.1.1.17 and prior, contain an insecure operation on windows junction/mount point. A local malicious user could potentially exploit this vulnerability during ...

CWE-13862023