exploitDog

GHSA-mfc8-4qmg-g3x6

Опубликовано: 24 мая 2022

Источник: github

Github: Не прошло ревью

Описание

Backblaze for Windows and Backblaze for macOS before 7.0.0.439 suffer from improper privilege management in bztransmit helper due to lack of permission handling and validation before creation of client update directories allowing for local escalation of privilege via rogue client update binary.

Backblaze for Windows and Backblaze for macOS before 7.0.0.439 suffer from improper privilege management in bztransmit helper due to lack of permission handling and validation before creation of client update directories allowing for local escalation of privilege via rogue client update binary.

Ссылки

EPSS

Процентиль: 30%

0.00108

Низкий

CVE ID

Дефекты

CWE-269

Связанные уязвимости

CVE-2020-8290

CVSS3: 7.8

nvd

около 5 лет назад

Backblaze for Windows and Backblaze for macOS before 7.0.0.439 suffer from improper privilege management in `bztransmit` helper due to lack of permission handling and validation before creation of client update directories allowing for local escalation of privilege via rogue client update binary.

EPSS

Процентиль: 30%

0.00108

Низкий

CVE ID

Дефекты

CWE-269