Canonical

Multipass

5 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 0.14%
  • Veröffentlicht 28.05.2026 14:16:24
  • Zuletzt bearbeitet 01.06.2026 13:27:32

An issue was discovered in Canonical Multipass for macOS before version 1.16.3 due to an incomplete fix for CVE-2025-5199. While the patch in version 1.16.0 updated the ownership of the multipassd daemon binary to root:wheel, five co-located binaries...

Exploit
  • EPSS 0.51%
  • Veröffentlicht 28.05.2026 14:16:24
  • Zuletzt bearbeitet 01.06.2026 13:26:31

An issue was discovered in Canonical Multipass before version 1.16.3. The host-side SFTP server component (sshfs_server), which executes with root privileges on the host, contains a path containment bypass vulnerability within its validate_path funct...

Exploit
  • EPSS 0.15%
  • Veröffentlicht 11.07.2025 23:21:30
  • Zuletzt bearbeitet 26.08.2025 18:37:22

In Canonical Multipass up to and including version 1.15.1 on macOS, incorrect default permissions allow a local attacker to escalate privileges by modifying files executed with administrative privileges by a Launch Daemon during system startup.

  • EPSS 0.24%
  • Veröffentlicht 01.10.2021 03:15:07
  • Zuletzt bearbeitet 21.11.2024 06:22:19

The MacOS version of Multipass, version 1.7.0, fixed in 1.7.2, accidentally installed the application directory with incorrect owner.

  • EPSS 0.24%
  • Veröffentlicht 01.10.2021 03:15:06
  • Zuletzt bearbeitet 21.11.2024 06:22:00

The Windows version of Multipass before 1.7.0 allowed any local process to connect to the localhost TCP control socket to perform mounts from the operating system to a guest, allowing for privilege escalation.