Vulnerability Database

309,136

Total vulnerabilities in the database

CVE-2023-5834

HashiCorp Vagrant's Windows installer targeted a custom location with a non-protected path that could be junctioned, introducing potential for unauthorized file system writes. Fixed in Vagrant 2.4.0.

Published: Oct 27, 2023
Updated: Nov 16, 2025
CVE: CVE-2023-5834
GHSA: GHSA-47xw-vw6m-w9fq
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 3.8
AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

CWEs:

CWE-59
CWE-1386

Affected Software
References

Software	From	Fixed in
github.com/hashicorp/vagrant	-	2.4.0
hashicorp / vagrant	-	2.4.0

https://discuss.hashicorp.com/t/hcsec-2023-31-vagrant-s-windows-installer-allowed-directory-junction-write/59568

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo