I. Basic Information for CVE-2020-8289
Vulnerability Information


Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Backblaze for Windows before 7.0.1.433 and Backblaze for macOS before 7.0.1.434 suffer from improper certificate validation in `bztransmit` helper due to hardcoded whitelist of strings in URLs where validation is disabled leading to possible remote code execution via client update functionality.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
Improper Certificate Validation
Source: NVD (National Vulnerability Database)
Vulnerability Title
Backblaze Trust Management Issue Vulnerability
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
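Backblaze is a cloud backup service from Backblaze, a US company. Backblaze for Windows versions before 7.0.1.433 and Backblaze for macOS versions before 7.0.1.434 have a trust management issue vulnerability. The vulnerability stems from improper certificate validation in the bztransmit helper, which is due to the hardcoded whitelist of strings in URLs being disabled, leading to possible remote code execution via the client update functionality.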
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE |
|---|---|---|---|
| - | Backblaze | Backblaze for Windows before 7.0.1.433 and Backblaze for macOS before 7.0.1.434 | - |
II. Public POCs for CVE-2020-8289
| # | POC Description | Source Link |
|---|---|---|
| 1 | CVE-2020-8289 – Remote Code Execution as SYSTEM/root via Backblaze | https://github.com/geffner/CVE-2020-8289 |