Parallels · Parallels Desktop · CVE-2024-6240
Name of the Vulnerable Software and Affected Versions:
Parallels Desktop Software versions prior to 19.3.0
Description:
The issue is an improper privilege management flaw that allows an attacker to escalate privileges on the system. The attacker adds malicious code to a script and populates the `BASH_ENV` environment variable with the path to that script, which then executes on application startup.
Recommendations:
For versions prior to 19.3.0, update to version 19.3.0 or later to resolve the issue. As a temporary workaround, consider restricting the ability to populate the `BASH_ENV` environment variable with malicious script paths to minimize the risk of exploitation.
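
An added example, not part of the advisory and not Parallels' own code: a POSIX shell check for the temporary workaround, which classifies any `BASH_ENV` value in the current environment and starts a command with the variable removed. The function names are hypothetical, and reading launchd with `launchctl getenv` rests on the assumption that a macOS GUI application inherits its environment from there.

```sh
#!/bin/sh
# Added example (function names are hypothetical, not from Parallels).

# Classify BASH_ENV in the current environment. Prints one of:
#   unset | expands | missing-file | writable-by-others | set
# Returns 0 only when the variable is unset or empty.
check_bash_env() {
    val=${BASH_ENV:-}
    [ -n "$val" ] || { echo "unset"; return 0; }
    # bash expands the value before using it as a file name, so a value
    # containing $ or a backtick cannot be audited as a plain path.
    case $val in
        *'$'*|*'`'*) echo "expands"; return 1 ;;
    esac
    [ -e "$val" ] || { echo "missing-file"; return 1; }
    # Group- or world-writable: another account can change what bash sources.
    if [ -n "$(find "$val" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]; then
        echo "writable-by-others"; return 1
    fi
    echo "set"; return 1
}

# Assumption: on macOS, GUI applications inherit variables set in launchd.
# Prints the launchd value of BASH_ENV, or nothing where launchctl is absent.
launchd_bash_env() {
    command -v launchctl >/dev/null 2>&1 || return 0
    launchctl getenv BASH_ENV 2>/dev/null || true
}

# Run a command with BASH_ENV removed from its environment.
run_scrubbed() {
    ( unset BASH_ENV; exec "$@" )
}

bash_env_state=$(check_bash_env) ||
    echo "BASH_ENV is '$bash_env_state': review before starting bash-based tools" >&2
```

Any result other than `unset` is worth reviewing on a host that runs an affected version, since a non-interactive bash reads the file named by `BASH_ENV` at startup.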