Free Trial

CVE-2022-42717 : HASHICORP PACKER UP TO 2.3.0 SUDO PRIVILEGE ESCALATION

Description

An issue was discovered in Hashicorp Packer before 2.3.1. The recommended sudoers configuration for Vagrant on Linux is insecure. If the host has been configured according to this documentation, non-privileged users on the host can leverage a wildcard in the sudoers configuration to execute arbitrary commands as root.

References

https://www.vagrantup.com/docs/synced-folders/nfs

https://github.com/hashicorp/vagrant/pull/12910

https://discuss.hashicorp.com/t/hcsec-2022-23-vagrant-nfs-sudoers-configuration-allows-for-local-privilege-escalation/45423

For More Information

MITRE

Common Vulnerabilityies and Exposures

CVE-2022-42717 : HASHICORP PACKER UP TO 2.3.0 SUDO PRIVILEGE ESCALATION
CVE-2022-42717 : HASHICORP PACKER UP TO 2.3.0 SUDO PRIVILEGE ESCALATION

Contact us to get started

CVE-2022-4126 : ABB RCCMD PRIOR 4.40 230207 HARD-CODED PASSWORD

CVE-2022-4126 : ABB RCCMD PRIOR 4.40 230207 HARD-CODED PASSWORD

Description Use of Default Password vulnerability in ABB RCCMD on Windows, Linux, MacOS allows Try Common or Default Usernames and

Learn more
CVE-2023-25655 : BASERCMS UP TO 4.7.4 UNRESTRICTED UPLOAD

CVE-2023-25655 : BASERCMS UP TO 4.7.4 UNRESTRICTED UPLOAD

Description baserCMS is a Content Management system. Prior to version 4.7.5, any file may be uploaded on the management system

Learn more
CVE-2023-1050 : AS KOC ENERGY WEB REPORT SYSTEM PRIOR 23.03.10 SQL INJECTION

CVE-2023-1050 : AS KOC ENERGY WEB REPORT SYSTEM PRIOR 23.03.10 SQL INJECTION

Description Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in As Koc Energy Web Report

Learn more