Local Escalation of Privileges in GOG Galaxy Client by CD Projekt
CVE-2020-15529

7.8HIGH

Key Information:

Vendor: Gog
Status: Galaxy
Vendor: CVE Published:; 5 July 2020

What is CVE-2020-15529?

The GOG Galaxy Client version 2.0.17 is susceptible to a local escalation of privileges vulnerability. This issue arises due to weak file permissions that can be exploited when a user either installs a game or conducts a verify/repair operation within the client. Attackers can leverage opportunistic locks to gain unauthorized access and elevate their privileges, potentially compromising system integrity and user data.

References

http://daniels-it-blog.blogspot.com/2020/07/gog-galaxy-es...

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 5, 2020
Vulnerability Reserved
Jul 5, 2020

Gog

What is CVE-2020-15529?

References

CVSS V3.1

Timeline