PT-2020-14480 · Gog · Gog Galaxy Client

Published

2020-07-05

Updated

2021-07-21

CVE-2020-15529

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions GOG Galaxy Client version 2.0.17

Description An issue in the GOG Galaxy Client allows for local escalation of privileges when a user installs a game or performs a verify/repair operation. This is due to weak file permissions and can be exploited using opportunistic locks.

Recommendations For GOG Galaxy Client version 2.0.17, consider updating to a newer version that addresses the weak file permissions issue to prevent local escalation of privileges. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Locking

Incorrect Permission

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-667CWE-732

Related Identifiers

CVE-2020-15529

Affected Products

Gog Galaxy Client

PT-2020-14480 · Gog · Gog Galaxy Client

CVE-2020-15529

Weakness Enumeration

Related Identifiers

Affected Products

References · 4