Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.8
CVSSv3

CVE-2020-8289

Published: 27/12/2020 Updated: 31/12/2020
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 829
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Backblaze for Windows prior to 7.0.1.433 and Backblaze for macOS prior to 7.0.1.434 suffer from improper certificate validation in `bztransmit` helper due to hardcoded whitelist of strings in URLs where validation is disabled leading to possible remote code execution via client update functionality.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

backblaze backblaze

Mailing Lists

Full Disclosure: Re: [FD] CVE-2020-8150 – Remote Code Execution as SYSTEM/root via Backblaze
The message I received on April 17th, 2020 was as follows: "We recently released a Win fix and Mac build from this code base should have the same fix (Mac version 710434)" On Sat, Dec 26, 2020 at 12:59 PM Mark E Jeftovic <markjr () easydns com> wrote: _______________________________________________ Sent through the Full Disclosure ma ...
Full Disclosure: Re: CVE-2020-8150 – Remote Code Execution as SYSTEM/root via Backblaze
Is there a transposition typo in the Mac OSX version number? *Fixed Version:* |701433| (Windows) and |710434| (macOS) My OSX Backblaze is reporting 702470 as most recent version On 2020-12-24 1:27 PM, Jason Geffner wrote: -- Mark E Jeftovic <markjr () easydns com> Co-founder & CEO, easyDNS Technologies I ...
Full Disclosure: Re: [FD] CVE-2020-8150 – Remote Code Execution as SYSTEM/root via Backblaze
Thanks, Reed I've updated the GitHub repository name to reflect this change The detailed write-up can now be found at githubcom/geffner/CVE-2020-8289/blob/master/READMEmd On Tue, Dec 22, 2020 at 3:56 AM Reed Loden <reed () reedloden com> wrote: _______________________________________________ Sent through the Full Disclosure m ...

Github Repositories

https://github.com/geffner/CVE-2020-8289

CVE-2020-8289 – Remote Code Execution as SYSTEM/root via Backblaze

CVE-2020-8289 – Remote Code Execution as SYSTEM/root via Backblaze Summary Name: Remote Code Execution as SYSTEM/root via Backblaze CVE: CVE-2020-8289 Discoverer: Jason Geffner Vendor: Backblaze Product: Backblaze for Windows and Backblaze for macOS Risk: Critical Discovery Date: 2020-03-13 Publication Data: 2020-09-09 Fixed Version: 701433 (Windows) and 710434 (mac

https://github.com/geffner/CVE-2020-8150

CVE-2020-8289 – Remote Code Execution as SYSTEM/root via Backblaze

CVE-2020-8289 – Remote Code Execution as SYSTEM/root via Backblaze Summary Name: Remote Code Execution as SYSTEM/root via Backblaze CVE: CVE-2020-8289 Discoverer: Jason Geffner Vendor: Backblaze Product: Backblaze for Windows and Backblaze for macOS Risk: Critical Discovery Date: 2020-03-13 Publication Data: 2020-09-09 Fixed Version: 701433 (Windows) and 710434 (mac

References

CWE-295https://github.com/geffner/CVE-2020-8289/blob/master/README.mdhttps://www.backblaze.com/blog/backblaze-cloud-backup-release-7-0-1/https://youtu.be/W0THXbcX5V8https://hackerone.com/reports/818853http://seclists.org/fulldisclosure/2020/Dec/58http://seclists.org/fulldisclosure/2020/Dec/57https://nvd.nist.govhttps://github.com/geffner/CVE-2020-8289http://seclists.org/fulldisclosure/2020/Dec/57
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
injectCVE-2024-34001CVE-2024-37018LFICVE-2024-1275CVE-2024-1086CSRFCVE-2024-31030CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook