geffner/CVE-2020-8290
GitHub
Releases0
CVE-2020-8290 – Elevation of Privilege in Backblaze
CVE History
| CVE | Published | CVSS v3 | CVSS v2 |
|---|---|---|---|
| 7.8 HIGH | 4.6 MEDIUM | ||
Backblaze for Windows and Backblaze for macOS before 7.0.0.439 suffer from improper privilege management in `bztransmit` helper due to lack of permission handling and validation before creation of client update directories allowing for local escalation of privilege via rogue client update binary. | |||