CVE-2020-8290
HIGH WAF: Low
CVSS 7.8
Published: 2020-12-27
CWE-269 CWE-269
Backblaze for Windows and Backblaze for macOS before 7.0.0.439 suffer from improper privilege management in `bztransmit` helper due to lack of permission handling and validation before creation of client update directories allowing for local escalation of privilege via rogue client update binary.
WAF Coverage Analysis
Improper Privilege Management
Low WAF Coverage
OWASP: A01:2021 Broken Access Control
Improper Privilege Management
Low WAF Coverage
OWASP: A01:2021 Broken Access Control
Affected Software
| Vendor | Product | Version |
|---|---|---|
| backblaze | backblaze | up to 7.0.0.439 |
| backblaze | backblaze | up to 7.0.0.439 |
References
- github.com (Exploit, Third Party Advisory)
- hackerone.com (Permissions Required)
- youtu.be (Exploit, Third Party Advisory)