MacOS version of Multipass incorrect owner for application directory
CVE-2021-3747

8.8HIGH

Key Information:

Vendor

Canonical

Status
Multipass
Vendor
CVE Published:
28 September 2021

What is CVE-2021-3747?

The MacOS version of Multipass, version 1.7.0, fixed in 1.7.2, accidentally installed the application directory with incorrect owner.

Affected Version(s)

Multipass 1.7 < 1.7.2

References

https://github.com/canonical/multipass/issues/2261
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Matthew Conway
.
CVE-2021-3747 : MacOS version of Multipass incorrect owner for application directory