CVE-2020-15528

An issue was discovered in GOG Galaxy Client 2.0.17. Local escalation of privileges is possible when a user starts or uninstalls a game because of weak file permissions and missing file integrity checks.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 28%
VendorProductVersion
goggalaxy
2.0.17
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://daniels-it-blog.blogspot.com/2020/07/gog-galaxy-escalation-of-privileges.html
http://daniels-it-blog.blogspot.com/2020/07/gog-galaxy-escalation-of-privileges.html