CVE-2021-3626

Published October 1st, 2021

View on NVD ↗

CVSS v3

8.8

HIGH

CVSS v2

4.6

MEDIUM

Affected

PROJECT

Description

The Windows version of Multipass before 1.7.0 allowed any local process to connect to the localhost TCP control socket to perform mounts from the operating system to a guest, allowing for privilege escalation.

canonical/multipass

Multipass orchestrates virtual Ubuntu instances

GitHub

9.12K