Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.6
CVSSv2

CVE-2020-8290

Published: 27/12/2020 Updated: 31/12/2020
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 410
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Backblaze for Windows and Backblaze for macOS prior to 7.0.0.439 suffer from improper privilege management in `bztransmit` helper due to lack of permission handling and validation before creation of client update directories allowing for local escalation of privilege via rogue client update binary.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

backblaze backblaze

Mailing Lists

Full Disclosure: Re: [FD] CVE-2020-8152 – Elevation of Privilege in Backblaze
Thanks, Reed I've updated the GitHub repository name to reflect this change The detailed write-up can now be found at githubcom/geffner/CVE-2020-8290/blob/master/READMEmd On Tue, Dec 22, 2020 at 3:52 AM Reed Loden <reed () reedloden com> wrote: _______________________________________________ Sent through the Full Disclosure m ...
Full Disclosure: Re: [FD] CVE-2020-8152 – Elevation of Privilege in Backblaze
Due to a process fail, this CVE ID was accidentally reused for another vulnerability The updated CVE ID for this issue is CVE-2020-8290 We apologize to Jason and others for the inconvenience caused by this error Happy holidays, ~reed (for HackerOne) On Fri, Sep 11, 2020 at 10:16 AM Jason Geffner <geffner () gmail com> wrote: _______ ...

Github Repositories

https://github.com/geffner/CVE-2020-8290

CVE-2020-8290 – Elevation of Privilege in Backblaze

CVE-2020-8290 – Elevation of Privilege in Backblaze Summary Name: Elevation of Privilege in Backblaze CVE: CVE-2020-8290 Discoverer: Jason Geffner Vendor: Backblaze Product: Backblaze for Windows and Backblaze for macOS Risk: High Discovery Date: 2020-03-13 Publication Data: 2020-09-09 Fixed Version: 700439 Introduction Per Wikipedia, Backblaze is "an online back

https://github.com/geffner/CVE-2020-8152

CVE-2020-8290 – Elevation of Privilege in Backblaze

CVE-2020-8290 – Elevation of Privilege in Backblaze Summary Name: Elevation of Privilege in Backblaze CVE: CVE-2020-8290 Discoverer: Jason Geffner Vendor: Backblaze Product: Backblaze for Windows and Backblaze for macOS Risk: High Discovery Date: 2020-03-13 Publication Data: 2020-09-09 Fixed Version: 700439 Introduction Per Wikipedia, Backblaze is "an online back

References

CWE-269https://github.com/geffner/CVE-2020-8290/blob/master/README.mdhttps://youtu.be/OpC6neWd2aMhttps://hackerone.com/reports/818857https://nvd.nist.govhttps://github.com/geffner/CVE-2020-8290http://seclists.org/fulldisclosure/2020/Dec/53
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248CVE-2024-3110CVE-2024-5552CVE-2024-29415HTML injectionCVE-2024-3095TCPtype confusionCVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook