CVE-2021-47756
8.4
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Summary
Laravel Valet versions 1.1.4 to 2.0.3 contain a local privilege escalation vulnerability that allows users to modify the valet command with root privileges. Attackers can edit the symlinked valet command to execute arbitrary code with root permissions without additional authentication.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Laravel | Laravel Valet | 1.1.4 to 2.0.3 | affected |
Weaknesses
- CWE-732: Incorrect Permission Assignment for Critical Resource
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: total
References
- https://www.exploit-db.com/exploits/50591
- https://laravel.com/docs/8.x/valet
- https://www.vulncheck.com/advisories/laravel-valet-local-privilege-escalation-macos
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.