CVE-2020-8289

Published
View on NVD ↗
CVSS v3
7.8
HIGH
CVSS v2
9.3
HIGH
Affected
1
PROJECT

Description

Backblaze for Windows before 7.0.1.433 and Backblaze for macOS before 7.0.1.434 suffer from improper certificate validation in `bztransmit` helper due to hardcoded whitelist of strings in URLs where validation is disabled leading to possible remote code execution via client update functionality.

geffner/CVE-2020-8289
geffner/CVE-2020-8289
CVE-2020-8289 – Remote Code Execution as SYSTEM/root via Backblaze
GitHubGitHub
11