📄 الوصف (الإنجليزية)
Laravel Valet versions 1.1.4 to 2.0.3 contain a local privilege escalation vulnerability that allows users to modify the valet command with root privileges. Attackers can edit the symlinked valet command to execute arbitrary code with root permissions without additional authentication.
🤖 ملخص AI
Laravel Valet versions 1.1.4 to 2.0.3 contain a critical local privilege escalation vulnerability (CVE-2021-47756) allowing attackers to modify symlinked valet commands and execute arbitrary code with root privileges. This vulnerability affects development environments and poses significant risk to organizations using Laravel for web application development. Immediate patching to version 2.0.4 or later is essential to prevent unauthorized privilege escalation.
📄 الوصف (العربية)
🤖 التحليل الذكي آخر تحليل: Apr 24, 2026 16:00
🇸🇦 التأثير على المملكة العربية السعودية
This vulnerability primarily impacts Saudi technology companies, software development firms, and financial institutions using Laravel for web application development. High-risk sectors include: Banking and Financial Services (SAMA-regulated entities using Laravel for digital banking platforms), Government IT departments developing web applications, Telecommunications companies (STC, Mobily) with development teams, Healthcare IT systems, and E-commerce platforms. The vulnerability allows local attackers with user-level access to gain root privileges, potentially compromising sensitive financial data, government systems, and customer information. Development teams in Saudi organizations are particularly vulnerable if they run Laravel Valet on shared development servers or workstations.
🏢 القطاعات السعودية المتأثرة
Software Development and IT Services
Banking and Financial Services
Government and Public Administration
Telecommunications
Healthcare IT
E-commerce and Retail
Education and Universities
🎯 تقنيات MITRE ATT&CK
T1548.004 - Abuse Elevation Control Mechanism: Elevated Execution with Prompt
T1548 - Abuse Elevation Control Mechanism
T1574.008 - Hijack Execution Flow: Symlink
T1574 - Hijack Execution Flow
T1547.001 - Boot or Logon Initialization Scripts: Logon Script (Windows)
T1053 - Scheduled Task/Job
T1059 - Command and Scripting Interpreter
⚖️ درجة المخاطر السعودية (AI)
7.8
/ 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:
1. Identify all systems running Laravel Valet versions 1.1.4 to 2.0.3 across development and production environments
2. Restrict local access to systems running vulnerable Valet versions
3. Review user access logs for unauthorized privilege escalation attempts
PATCHING GUIDANCE:
1. Upgrade Laravel Valet to version 2.0.4 or later immediately
2. Run: composer global update laravel/valet
3. Verify installation: valet --version
4. Restart Valet services: valet restart
COMPENSATING CONTROLS (if immediate patching not possible):
1. Disable symlink functionality in Valet configuration
2. Implement strict file permission controls (chmod 755 on valet binary)
3. Use SELinux or AppArmor to restrict valet command execution
4. Implement sudo restrictions to prevent valet command execution
5. Monitor /usr/local/bin/valet and related symlinks for unauthorized modifications
DETECTION RULES:
1. Monitor for modifications to /usr/local/bin/valet and symlinked files
2. Alert on valet command execution with root privileges from non-root users
3. Track changes to valet configuration files
4. Monitor for suspicious process execution following valet command invocation
5. Implement file integrity monitoring (AIDE, Tripwire) on valet binaries
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. تحديد جميع الأنظمة التي تقوم بتشغيل إصدارات Laravel Valet من 1.1.4 إلى 2.0.3 عبر بيئات التطوير والإنتاج
2. تقييد الوصول المحلي إلى الأنظمة التي تقوم بتشغيل إصدارات Valet الضعيفة
3. مراجعة سجلات الوصول للمستخدمين للتحقق من محاولات تصعيد الامتيازات غير المصرح بها
إرشادات التصحيح:
1. ترقية Laravel Valet إلى الإصدار 2.0.4 أو أحدث فوراً
2. تشغيل: composer global update laravel/valet
3. التحقق من التثبيت: valet --version
4. إعادة تشغيل خدمات Valet: valet restart
الضوابط البديلة (إذا لم يكن التصحيح الفوري ممكناً):
1. تعطيل وظيفة الرموز في تكوين Valet
2. تطبيق ضوابط صارمة على أذونات الملفات (chmod 755 على ملف valet)
3. استخدام SELinux أو AppArmor لتقييد تنفيذ أوامر valet
4. تطبيق قيود sudo لمنع تنفيذ أوامر valet
5. مراقبة /usr/local/bin/valet والملفات المرتبطة بالرموز للتعديلات غير المصرح بها
قواعد الكشف:
1. مراقبة التعديلات على /usr/local/bin/valet والملفات المرتبطة بالرموز
2. تنبيهات عند تنفيذ أوامر valet بامتيازات الجذر من مستخدمين غير الجذر
3. تتبع التغييرات في ملفات تكوين valet
4. مراقبة تنفيذ العمليات المريبة بعد استدعاء أوامر valet
5. تطبيق مراقبة سلامة الملفات (AIDE, Tripwire) على ملفات valet الثنائية
📋 خريطة الامتثال التنظيمي
🟢 NCA ECC 2024
A.5.1.1 - Information security policies and procedures
A.6.1.1 - Access control policy
A.6.2.1 - User registration and access rights management
A.8.2.1 - Classification of information
A.8.2.3 - Handling of assets
A.12.4.1 - Event logging
A.12.4.3 - Protection of log information
🔵 SAMA CSF
ID.AM-2 - Software inventory and management
PR.AC-1 - Access control policy and procedures
PR.AC-4 - Access rights and privileges
DE.CM-1 - System monitoring and anomaly detection
DE.CM-3 - Environmental monitoring
RS.MI-2 - Incident response and recovery procedures
🟡 ISO 27001:2022
A.5.1 - Management direction for information security
A.6.1 - Internal organization
A.6.2 - Mobile device and teleworking
A.8.1 - Asset management
A.8.2 - Information classification
A.8.3 - Media handling
A.9.1 - Access control policy
A.9.2 - User access management
A.12.4 - Logging
🟣 PCI DSS v4.0.1
Requirement 2.1 - Configuration standards
Requirement 6.2 - Security patches and updates
Requirement 7 - Restrict access to data
Requirement 10 - Logging and monitoring