← voltar
CVE-2020-8289

CVE-2020-8289

EPSS 4.7%CWE-295
Backblaze for Windows before 7.0.1.433 and Backblaze for macOS before 7.0.1.434 suffer from improper certificate validation in `bztransmit` helper due to hardcoded whitelist of strings in URLs where validation is disabled leading to possible remote code execution via client update functionality.
Produtos afetados
n/a · Backblaze

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://seclists.org/fulldisclosure/2020/Dec/57http://seclists.org/fulldisclosure/2020/Dec/58https://github.com/geffner/CVE-2020-8289/blob/master/README.mdhttps://hackerone.com/reports/818853https://www.backblaze.com/blog/backblaze-cloud-backup-release-7-0-1/https://youtu.be/W0THXbcX5V8