CVE-2022-42717 : HASHICORP PACKER UP TO 2.3.0 SUDO PRIVILEGE ESCALATION

Description

An issue was discovered in Hashicorp Packer before 2.3.1. The recommended sudoers configuration for Vagrant on Linux is insecure. If the host has been configured according to this documentation, non-privileged users on the host can leverage a wildcard in the sudoers configuration to execute arbitrary commands as root.

References

https://www.vagrantup.com/docs/synced-folders/nfs

https://github.com/hashicorp/vagrant/pull/12910

https://discuss.hashicorp.com/t/hcsec-2022-23-vagrant-nfs-sudoers-configuration-allows-for-local-privilege-escalation/45423

For More Information

MITRE

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2024-3319 : SAILPOINT IDENTITY SECURITY CLOUD TRANSFORM PREVIEW/IDENTITYPROFILE PREVIEW CODE INJECTION

CVE-2024-3319 : SAILPOINT IDENTITY SECURITY CLOUD TRANSFORM PREVIEW/IDENTITYPROFILE PREVIEW CODE INJECTION

Description An issue was identified in the Identity Security Cloud (ISC) Transform preview and IdentityProfile preview API endpoints that allowed

CVE-2024-4984 : YOAST SEO PLUGIN UP TO 22.6 ON WORDPRESS DISPLAY_NAME CROSS SITE SCRIPTING

CVE-2024-4984 : YOAST SEO PLUGIN UP TO 22.6 ON WORDPRESS DISPLAY_NAME CROSS SITE SCRIPTING

Description The Yoast SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘display_name’ author meta in all

CVE-2024-32888 : AWS AMAZON-REDSHIFT-JDBC-DRIVER UP TO 2.1.0.27 SQL INJECTION

CVE-2024-32888 : AWS AMAZON-REDSHIFT-JDBC-DRIVER UP TO 2.1.0.27 SQL INJECTION

Description The Amazon JDBC Driver for Redshift is a Type 4 JDBC driver that provides database connectivity through the standard