CVE-2021-47756

Laravel Valet 2.0.3 - Local Privilege Escalation (macOS)

CVSS 8.4 HIGH · EPSS 0.2% · CWE-732
Laravel Valet versions 1.1.4 to 2.0.3 contain a local privilege escalation vulnerability that allows users to modify the valet command with root privileges. Attackers can edit the symlinked valet command to execute arbitrary code with root permissions without additional authentication.
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
Laravel · Laravel Valet
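
One way to audit for the permission problem described above, as an added example (not code from Laravel Valet or from this advisory): it resolves the symlink of a command that root executes and flags the resolved file or its containing directory when the owner is not trusted or the item is group- or world-writable. The function name, the `trusted_uids` parameter and the temporary directory layout are assumptions constructed for the demo.

```python
import os
import stat
import tempfile


def audit_privileged_command(path, trusted_uids=frozenset({0})):
    """Return risk findings for a command that is executed as root."""
    findings = []
    # Root runs the link target, not the link, so resolve the symlink first.
    target = os.path.realpath(path)
    # Also check the containing directory: write access there is enough to
    # replace the file.
    for item in (target, os.path.dirname(target)):
        st = os.stat(item)
        mode = stat.filemode(st.st_mode)
        if st.st_uid not in trusted_uids:
            findings.append(f"{item}: owner uid {st.st_uid} is not trusted")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append(f"{item}: group- or world-writable ({mode})")
    return findings


def demo():
    """Constructed layout: bin/cmd is a symlink to pkg/cmd in a temp tree."""
    me = os.getuid()
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "pkg"), 0o755)
        os.mkdir(os.path.join(root, "bin"), 0o755)
        script = os.path.join(root, "pkg", "cmd")
        with open(script, "w") as fh:
            fh.write("#!/bin/sh\n")
        os.chmod(script, 0o755)
        link = os.path.join(root, "bin", "cmd")
        os.symlink(script, link)
        # Owner counts as trusted and nothing is writable by others: clean.
        clean = audit_privileged_command(link, trusted_uids={me})
        # Owner is not in the trusted set: file and directory are flagged.
        untrusted = audit_privileged_command(link, trusted_uids={me + 1})
        # Loosen the file mode: the resolved target is flagged as writable.
        os.chmod(script, 0o777)
        writable = audit_privileged_command(link, trusted_uids={me})
    return clean, untrusted, writable


if __name__ == "__main__":
    for label, result in zip(("clean", "untrusted", "writable"), demo()):
        print(label, result)
```

With the default `trusted_uids`, any finding on a command that is run with root privileges means a non-root account can change what root executes.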
