Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-5199 | 2 Apple, Canonical | 2 Macos, Multipass | 2025-08-26 | N/A | 7.3 HIGH |
|
In Canonical Multipass up to and including version 1.15.1 on macOS, incorrect default permissions allow a local attacker to escalate privileges by modifying files executed with administrative privileges by a Launch Daemon during system startup.
|
|||||
| CVE-2021-3747 | 2 Apple, Canonical | 2 Macos, Multipass | 2024-11-21 | 4.6 MEDIUM | 8.8 HIGH |
|
The MacOS version of Multipass, version 1.7.0, fixed in 1.7.2, accidentally installed the application directory with incorrect owner.
|
|||||
| CVE-2021-3626 | 2 Canonical, Microsoft | 2 Multipass, Windows | 2024-11-21 | 4.6 MEDIUM | 8.8 HIGH |
|
The Windows version of Multipass before 1.7.0 allowed any local process to connect to the localhost TCP control socket to perform mounts from the operating system to a guest, allowing for privilege escalation.
|
|||||