Canonical: >> Multipass Security Vulnerabilities
The MacOS version of Multipass, version 1.7.0, fixed in 1.7.2, accidentally installed the application directory with incorrect owner.
CVSS Score
8.8
EPSS Score
0.001
Published
2021-10-01
The Windows version of Multipass before 1.7.0 allowed any local process to connect to the localhost TCP control socket to perform mounts from the operating system to a guest, allowing for privilege escalation.
CVSS Score
8.8
EPSS Score
0.001
Published
2021-10-01