← volver
CVE-2021-47756

Laravel Valet 2.0.3 - Local Privilege Escalation (macOS)

CVSS 8.4 HIGHEPSS 0.2%CWE-732
Laravel Valet versions 1.1.4 to 2.0.3 contain a local privilege escalation vulnerability that allows users to modify the valet command with root privileges. Attackers can edit the symlinked valet command to execute arbitrary code with root permissions without additional authentication.
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Productos afectados
Laravel · Laravel Valet

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://laravel.com/docs/8.x/valethttps://www.exploit-db.com/exploits/50591https://www.vulncheck.com/advisories/laravel-valet-local-privilege-escalation-macos