CVE-2021-47756
BaseFortify
Publication date: 2026-01-16
Last updated on: 2026-01-16
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| laravel | valet | From 1.1.4 (inc) to 2.0.3 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-732 | The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2021-47756 is a local privilege escalation vulnerability in Laravel Valet versions 1.1.4 through 2.0.3 on macOS. It occurs because the 'valet' command is symlinked to a location writable by the user, combined with sudoers rules that allow running 'valet' commands as root without a password. This means an attacker with local access can modify the 'valet' command to execute arbitrary code with root privileges without additional authentication. [1, 3]
How can this vulnerability impact me? :
This vulnerability allows a local attacker to escalate their privileges to root by modifying the writable 'valet' command and executing it with elevated permissions. This can lead to unauthorized execution of arbitrary code with full system control, compromising confidentiality, integrity, and availability of the affected system. [1, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
You can detect this vulnerability by checking if the 'valet' command symlink is writable by the user and if sudoers rules allow running 'valet' commands as root without a password. Specifically, verify the permissions of the symlinked valet command at /usr/local/bin/valet and check sudoers entries for rules allowing passwordless execution of '/usr/local/bin/valet *'. Commands to help detect this include: 1) `ls -l /usr/local/bin/valet` to check if the symlink or target is writable by the user. 2) `sudo -l` to list sudo privileges and see if 'valet' commands can be run without a password. 3) Inspect sudoers files (e.g., `sudo cat /etc/sudoers.d/*`) for entries allowing passwordless execution of 'valet'. These checks can help identify if the system is vulnerable to this local privilege escalation. [3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include: 1) Restrict write permissions on the 'valet' command symlink and its target to prevent unauthorized modification. 2) Remove or modify the sudoers rules that allow members of the admin group to run '/usr/local/bin/valet *' commands as root without a password. 3) Upgrade Laravel Valet to a version later than 2.0.3 where this vulnerability is fixed. 4) As a temporary measure, avoid running 'valet' commands with sudo until the issue is resolved. These steps reduce the risk of arbitrary code execution with root privileges via the vulnerable valet command. [1, 3]