{"id":"CVE-2023-5834","details":"HashiCorp Vagrant's Windows installer targeted a custom location with a non-protected path that could be junctioned, introducing potential for unauthorized file system writes. Fixed in Vagrant 2.4.0.","aliases":["GHSA-47xw-vw6m-w9fq"],"modified":"2026-04-10T05:07:11.880932Z","published":"2023-10-27T22:15:09.163Z","references":[{"type":"ADVISORY","url":"https://discuss.hashicorp.com/t/hcsec-2023-31-vagrant-s-windows-installer-allowed-directory-junction-write/59568"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/hashicorp/vagrant","events":[{"introduced":"0"},{"fixed":"5a2b888c371bd0c8dcae3abe1403e89020c6d6ca"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.4.0"}]}}],"versions":["+","2.3.5.dev+0365203","2.3.5.dev+4903453","2.3.5.dev+5841744","2.3.5.dev+7e3ffe1","2.3.5.dev+91884c0","2.3.5.dev+a23be8d","2.3.5.dev+e65aa56","2.3.5.dev+e6a9dda","2.3.6.dev+000085-9509f43","2.3.6.dev+5009580690-66edc80","2.3.6.dev+66edc80","2.3.6.dev+68b3d94","2.3.7.dev+000013-1b63ba85","2.3.7.dev+000016-1b63ba85","2.3.7.dev+000017-1b63ba85","2.3.7.dev+000018-9c83a75b","2.3.7.dev+000019-0533386d","2.3.7.dev+000020-0533386d","2.3.7.dev+000021-0533386d","2.3.7.dev+000022-0533386d","2.3.7.dev+000023-0533386d","2.3.7.dev+000024-0533386d","2.3.7.dev+000029-8fbbc8f4","2.3.7.dev+000031-8a5b57cc","2.3.7.dev+000032-8a5b57cc","2.3.7.dev+000093-5900771a","2.3.7.dev+000094-9c83a75b","2.3.8.dev+000031-f72cda8b","2.3.8.dev+000032-f72cda8b","2.3.8.dev+000040-f056c293","2.3.8.dev+000041-f056c293","2.3.8.dev+000042-f056c293","2.3.8.dev+000043-f056c293","2.3.8.dev+000044-f056c293","2.3.8.dev+000045-f056c293","2.3.8.dev+000046-848f2a7f","2.3.8.dev+000047-848f2a7f","2.3.8.dev+000048-848f2a7f","2.3.8.dev+000049-848f2a7f","2.3.8.dev+000050-848f2a7f","2.3.8.dev+000051-848f2a7f","2.3.8.dev+000052-848f2a7f","2.3.8.dev+000053-848f2a7f","2.3.8.dev+000054-848f2a7f","2.3.8.dev+000055-848f2a7f","2.3.8.dev+000056-848f2a7f","2.3.8.dev+000057-8004b9e0","2.3.8.dev+000058-8004b9e0","2.3.8.dev+000060-8004b9e0","2.3.8.dev+000061-8004b9e0","2.3.8.dev+000062-8004b9e0","2.3.8.dev+000063-8004b9e0","2.3.8.dev+000064-8004b9e0","2.3.8.dev+000065-8004b9e0","2.3.8.dev+000066-8004b9e0","2.3.8.dev+000067-8004b9e0","2.3.8.dev+000068-8004b9e0","2.3.8.dev+000069-8004b9e0","2.3.8.dev+000070-8004b9e0","2.3.8.dev+000071-8004b9e0","2.3.8.dev+000079-5fc64cde","2.3.8.dev+000080-5fc64cde","2.3.8.dev+000081-5fc64cde","2.3.8.dev+000082-5fc64cde","2.3.8.dev+000083-5fc64cde","2.3.8.dev+000084-5fc64cde","2.3.8.dev+000085-5fc64cde","2.3.8.dev+000086-5fc64cde","2.3.8.dev+000094-a7135c00","2.3.8.dev+000098-91191982","2.3.8.dev+000099-b1610c10","2.3.8.dev+000100-b1610c10","2.3.8.dev+000101-b1610c10","2.3.8.dev+000102-b1610c10","2.3.8.dev+000103-b1610c10","2.3.8.dev+000104-b1610c10","2.3.8.dev+000105-b1610c10","2.3.8.dev+000106-b1610c10","2.3.8.dev+000107-b1610c10","2.3.8.dev+000108-b1610c10","2.3.8.dev+000109-b1610c10","2.3.8.dev+000110-34092d97","2.3.8.dev+000111-34092d97","2.3.8.dev+000112-34092d97","2.3.8.dev+000113-2809ef97","2.3.8.dev+000114-2809ef97","2.3.8.dev+000115-d5f12fd7","2.3.8.dev+000116-d5f12fd7","2.3.8.dev+000117-d5f12fd7","2.3.8.dev+000118-d5f12fd7","2.3.8.dev+000119-d5f12fd7","2.3.8.dev+000120-c8fc8b3a","2.3.8.dev+000121-c8fc8b3a","2.3.8.dev+000122-c8fc8b3a","2.3.8.dev+000123-c8fc8b3a","2.3.8.dev+000124-c8fc8b3a","2.3.8.dev+000125-c8fc8b3a","2.3.8.dev+000129-ba10fe9e","2.3.8.dev+000134-ba10fe9e","v0.1.0","v0.1.1","v0.1.2","v0.1.3","v0.1.4","v0.2.0","v0.3.0","v0.3.1","v0.3.2","v0.4.0","v0.4.2","v0.5.0","v0.5.1","v0.5.2","v0.5.3","v0.6.0","v0.6.1","v0.6.2","v0.6.3","v0.6.4","v0.6.5","v0.6.6","v0.6.7","v0.6.8","v0.7.0","v0.7.1","v0.7.2","v0.7.3","v0.7.4","v0.7.5","v0.7.6","v0.8.0","v0.8.1","v0.8.2","v0.8.3","v0.8.4","v0.8.5","v0.8.6","v0.8.7","v0.8.8","v0.9.0","v0.9.1","v0.9.2","v0.9.3","v0.9.4","v0.9.5","v0.9.6","v1.0.0","v1.0.0.rc1","v1.0.0.rc2","v1.0.1","v1.0.2","v1.1.0","v1.1.1","v1.1.2","v1.1.3","v1.1.4","v1.1.5","v1.2.0","v1.2.1","v1.2.2","v1.2.3","v1.2.4","v1.2.5","v1.2.6","v1.2.7","v1.3.0","v1.3.1","v1.3.2","v1.3.3","v1.3.4","v1.3.5","v1.4.0","v1.4.1","v1.4.2","v1.5.0","v1.5.1","v1.5.2","v1.5.3","v1.5.4","v1.6.0","v1.6.1","v1.6.2","v1.6.3","v1.6.4","v1.6.5","v1.7.0","v1.7.1","v1.7.2","v1.7.3","v1.7.4","v1.8.0","v1.8.1","v1.8.3","v1.8.4","v1.8.5","v1.8.6","v1.8.7","v1.9.0","v1.9.1","v1.9.2","v1.9.3","v1.9.4","v1.9.5","v1.9.6","v1.9.7","v1.9.8","v2.0.0","v2.0.1","v2.0.2","v2.0.3","v2.0.4","v2.1.0","v2.1.1","v2.1.2","v2.1.3","v2.1.4","v2.1.5","v2.2.0","v2.2.1","v2.2.10","v2.2.11","v2.2.12","v2.2.13","v2.2.14","v2.2.15","v2.2.16","v2.2.17","v2.2.18","v2.2.19","v2.2.2","v2.2.3","v2.2.4","v2.2.5","v2.2.6","v2.2.7","v2.2.8","v2.2.9","v2.3.0","v2.3.1","v2.3.2","v2.3.3","v2.3.4","v2.3.5","v2.3.6","v2.3.7"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-5834.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}