← volver
CVE-2020-8289

CVE-2020-8289

EPSS 4.7%CWE-295
Backblaze for Windows before 7.0.1.433 and Backblaze for macOS before 7.0.1.434 suffer from improper certificate validation in `bztransmit` helper due to hardcoded whitelist of strings in URLs where validation is disabled leading to possible remote code execution via client update functionality.
Productos afectados
n/a · Backblaze

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://seclists.org/fulldisclosure/2020/Dec/57http://seclists.org/fulldisclosure/2020/Dec/58https://github.com/geffner/CVE-2020-8289/blob/master/README.mdhttps://hackerone.com/reports/818853https://www.backblaze.com/blog/backblaze-cloud-backup-release-7-0-1/https://youtu.be/W0THXbcX5V8