CVE-2020-8290

Backblaze for Windows and Backblaze for macOS before 7.0.0.439 suffer from improper privilege management in `bztransmit` helper due to lack of permission handling and validation before creation of client update directories allowing for local escalation of privilege via rogue client update binary.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
hackeroneCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 20%
VendorProductVersion
backblazebackblaze
𝑥
< 7.0.0.439
backblazebackblaze
𝑥
< 7.0.0.439
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/geffner/CVE-2020-8290/blob/master/README.md
https://hackerone.com/reports/818857
https://youtu.be/OpC6neWd2aM
https://github.com/geffner/CVE-2020-8290/blob/master/README.md
https://hackerone.com/reports/818857
https://youtu.be/OpC6neWd2aM