CVE-2017-7642

Severity CVSS v4.0:
Pending analysis
Type:
CWE-426 Untrusted Search Path
Publication date:
02/08/2017
Last modified:
20/04/2025

Description

The sudo helper in the HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.21 allows local users to gain root privileges by leveraging failure to verify the path to the encoded ruby script or scrub the PATH variable.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:hashicorp:vagrant_vmware_fusion:*:*:*:*:*:*:*:* 4.0.20 (including)