7 matches found
Canonical Multipass Security Vulnerability
Canonical Multipass is a virtual instance of Ubuntu developed by Canonical OpenSource. Versions of Canonical Multipass prior to 1.16.3 contained security vulnerabilities. These vulnerabilities stemmed from the validatepath function in the sshfsserver component, which had a path bypass issue. It...
EUVD-2021-26929
Malware in sbrugna...
CVE-2025-53640
Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Starting in version 2.2 and prior to version 3.3.7, an endpoint used to display details of users listed in certain fields such as ACLs could be misused to dump basic user details such ...
CVE-2025-53640 Indico vulnerable to user enumeration via API endpoint
Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Starting in version 2.2 and prior to version 3.3.7, an endpoint used to display details of users listed in certain fields such as ACLs could be misused to dump basic user details such ...
CVE-2025-5199
In Canonical Multipass up to and including version 1.15.1 on macOS, incorrect default permissions allow a local attacker to escalate privileges by modifying files executed with administrative privileges by a Launch Daemon during system startup...
PT-2025-29286
Name of the Vulnerable Software and Affected Versions: Multipass versions up to and including 1.15.1 Description: Incorrect default permissions in Canonical Multipass on macOS allow a local attacker to escalate privileges by modifying files executed with administrative privileges by a Launch Daem...
CVE-2024-45399
Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. In Indico prior to version 3.3.4, corresponding to Flask-Multipass prior to version 0.5.5, there is a Cross-Site-Scripting vulnerability during account creation when redirecting to the...