7.8
CVSSv3

CVE-2020-8289

Published: 27/12/2020 Updated: 31/12/2020
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 829
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Backblaze for Windows prior to 7.0.1.433 and Backblaze for macOS prior to 7.0.1.434 suffer from improper certificate validation in the `bztransmit` helper. A hardcoded whitelist of strings disables validation for any URL that contains one of them, leading to possible remote code execution via the client update functionality.

Vulnerable Product

backblaze backblaze

Mailing Lists

Full Disclosure mailing list archives: Re: CVE-2020-8150 – Remote Code Execution as SYSTEM/root via Backblaze ...
Full Disclosure mailing list archives: Re: [FD] CVE-2020-8150 – Remote Code Execution as SYSTEM/root via Backblaze ...

Github Repositories

CVE-2020-8289 – Remote Code Execution as SYSTEM/root via Backblaze

Summary

Name: Remote Code Execution as SYSTEM/root via Backblaze
CVE: CVE-2020-8289
Discoverer: Jason Geffner
Vendor: Backblaze
Product: Backblaze for Windows and Backblaze for macOS
Risk: Critical
Discovery Date: 2020-03-13
Publication Date: 2020-09-09
Fixed Version: 701433 (Windows) and 710434 (mac
