Bulletin ID: HCSEC-2022-23
Affected Products / Versions: Vagrant <2.3.1
Publication Date: October 10, 2022
Optional sudoers configuration for Vagrant NFS shared folders allows for local privilege escalation
The documentation associated with Vagrant’s NFS driver for Linux suggested configuring a Vagrant host with a specific sudoers configuration, which removed the need for vagrant users to type their password every time they started a Vagrant guest. This additional configuration is optional, and must be enabled by the user installing Vagrant on a host.
The recommended sudoers configuration for Vagrant on Linux is insecure. If the host has been configured according to this documentation, non-privileged users on the host can leverage a wildcard in the sudoers configuration to execute arbitrary commands as root. New recommendations have been published to the Vagrant documentation website, and the necessary changes to support these recommendations are available in Vagrant 2.3.1. This issue has been assigned CVE-2022-42717.
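As an added example that is not part of this bulletin or of Vagrant's own tooling: a small audit script that resolves a sudoers file's Cmnd_Alias entries and flags every granted command whose spec contains a glob metacharacter, the class of misconfiguration described above. The sample sudoers text is constructed for the example and is not the configuration from the Vagrant documentation.

```python
"""Audit sudoers text for command specs containing wildcards (constructed example)."""
import re
from typing import Dict, List, Tuple

# Characters sudoers interprets as glob metacharacters in a command spec.
WILDCARD_CHARS = set("*?[")

# Constructed sample; NOT the configuration from the Vagrant documentation.
SAMPLE_SUDOERS = """
Defaults env_reset
Cmnd_Alias NFS_EXPORTS_ADD  = /usr/bin/tee -a /etc/exports
Cmnd_Alias NFS_EXPORTS_EDIT = /bin/sed -i * /etc/exports   # wildcard in args
Cmnd_Alias NFS_APPLY        = /usr/sbin/exportfs -ar
%vagrant ALL=(root) NOPASSWD: NFS_EXPORTS_ADD, NFS_EXPORTS_EDIT, NFS_APPLY
alice ALL=(ALL) /usr/bin/systemctl restart nfs-server
"""

def parse_sudoers(text: str) -> Tuple[Dict[str, List[str]], List[Tuple[str, str]]]:
    """Minimal parser: collect Cmnd_Alias definitions and user specifications,
    skipping comments, blank lines and Defaults (no nested aliases, no includes)."""
    aliases: Dict[str, List[str]] = {}
    rules: List[Tuple[str, str]] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("Defaults"):
            continue
        m = re.match(r"Cmnd_Alias\s+(\w+)\s*=\s*(.+)$", line)
        if m:
            aliases[m.group(1)] = [c.strip() for c in m.group(2).split(",")]
            continue
        # user  host=(runas) [TAG:] cmd, cmd, ...
        m = re.match(r"(\S+)\s+\S+?\s*=\s*(?:\([^)]*\)\s*)?(.+)$", line)
        if m:
            rules.append((m.group(1), m.group(2)))
    return aliases, rules

def expand(spec: str, aliases: Dict[str, List[str]]) -> List[Tuple[str, bool]]:
    """Resolve a command spec into (command, nopasswd) pairs. A NOPASSWD: tag
    applies to the command it precedes and to every later one until PASSWD:."""
    out: List[Tuple[str, bool]] = []
    nopasswd = False
    for item in spec.split(","):
        item = item.strip()
        while (tag := re.match(r"([A-Z]+):\s*", item)):
            if tag.group(1) in ("NOPASSWD", "PASSWD"):
                nopasswd = tag.group(1) == "NOPASSWD"
            item = item[tag.end():]
        out.extend((cmd, nopasswd) for cmd in aliases.get(item, [item]))
    return out

def find_wildcard_rules(text: str) -> List[Tuple[str, str, bool]]:
    """Return (user, command, nopasswd) for each granted command whose spec
    contains a glob metacharacter, i.e. lets the caller choose its arguments."""
    aliases, rules = parse_sudoers(text)
    return [(user, cmd, np) for user, spec in rules
            for cmd, np in expand(spec, aliases) if WILDCARD_CHARS & set(cmd)]

if __name__ == "__main__":
    for user, cmd, np in find_wildcard_rules(SAMPLE_SUDOERS):
        print(f"{user}: '{cmd}'{' (NOPASSWD)' if np else ''}")
```

Run it against /etc/sudoers and the files under /etc/sudoers.d to list rules that warrant the same review this bulletin prompted.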
Linux Vagrant users should update to version 2.3.1, and follow the new instructions in our documentation for configuring their host’s sudoers file.
The updated documentation is available here.
HashiCorp would like to thank Bastien Secher of Nameshield for discovering and reporting this vulnerability.
We deeply appreciate any effort to coordinate disclosure of security vulnerabilities. For information about security at HashiCorp and the reporting of security vulnerabilities, please see https://hashicorp.com/security.