CVE-2021-3626: External Control of File Name or Path in Multipass

Severity: 8.8 HIGH (NVD)
EPSS: 0.0% (top 85.46%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Oct 1
Latest update: May 24

Description

The Windows version of Multipass before 1.7.0 allowed any local process to connect to the localhost TCP control socket to perform mounts from the operating system to a guest, allowing for privilege escalation.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Exploitability: 2.0 | Impact: 6.0

Affected Packages (2 packages)

CVEListV5 | canonical/multipass | unspecified | 1.7.0
NVD | canonical/multipass | < 1.7.0

Patches

Vulnerability Details (2)

GHSA | GHSA-68wj-3pj9-r3hp: The Windows version of Multipass before 1 | 2022-05-24
CVEList | Windows version of Multipass unauthenticated localhost tcp control socket can perform mounts | 2021-10-01