PT-2020-14479 · Gog · Gog Galaxy Client

Published

2020-07-05

Updated

2021-07-21

CVE-2020-15528

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions GOG Galaxy Client version 2.0.17

Description An issue in the GOG Galaxy Client allows for local escalation of privileges. This occurs when a user starts or uninstalls a game due to weak file permissions and missing file integrity checks.

Recommendations For GOG Galaxy Client version 2.0.17, update to a newer version that addresses the weak file permissions and missing file integrity checks to prevent local escalation of privileges. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Incorrect Permission

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-732

Related Identifiers

CVE-2020-15528

Affected Products

Gog Galaxy Client

PT-2020-14479 · Gog · Gog Galaxy Client

CVE-2020-15528

Weakness Enumeration

Related Identifiers

Affected Products

References · 4