CVE-2021-3626 – Windows version of Multipass unauthenticated localhost tcp control socket can perform mounts

https://notcve.org/view.php?id=CVE-2021-3626

The Windows version of Multipass before 1.7.0 allowed any local process to connect to the localhost TCP control socket to perform mounts from the operating system to a guest, allowing for privilege escalation. La versión para Windows de Multipass anteriores a 1.7.0, permitía a cualquier proceso local conectarse al socket de control TCP de localhost para llevar a cabo montajes del sistema operativo a un invitado, permitiendo una escalada de privilegios • https://github.com/canonical/multipass/pull/2150 • CWE-73: External Control of File Name or Path CWE-284: Improper Access Control •