CVE-2020-15529

An issue was discovered in GOG Galaxy Client 2.0.17. Local escalation of privileges is possible when a user installs a game or performs a verify/repair operation. The issue exists because of weak file permissions and can be exploited by using opportunistic locks.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 25%
VendorProductVersion
goggalaxy
2.0.17
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://daniels-it-blog.blogspot.com/2020/07/gog-galaxy-escalation-of-privileges.html
http://daniels-it-blog.blogspot.com/2020/07/gog-galaxy-escalation-of-privileges.html