CVE-2023-5834 Information

Description

HashiCorp Vagrant’s Windows installer targeted a custom location with a non-protected path that could be junctioned introducing potential for unauthorized file system writes. Fixed in Vagrant 2.4.0.

Reference

https://discuss.hashicorp.com/t/hcsec-2023-31-vagrant-s-windows-installer-allowed-directory-junction-write/59568