6.7
CVE-2023-50914
- EPSS 0.7%
- Veröffentlicht 30.04.2024 14:15:10
- Zuletzt bearbeitet 15.04.2026 00:35:42
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
A Privilege Escalation issue in the inter-process communication procedure from GOG Galaxy (Beta) 2.0.67.2 through v2.0.71.2 allows authentictaed users to change the DACL of arbitrary system directories to include Everyone full control permissions by modifying the FixDirectoryPrivileges instruction parameters sent from GalaxyClient.exe to GalaxyClientService.exe.
Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
Herstellergog
≫
Produkt
galaxy
Default Statusunknown
Version <=
v2.071.2
Version
2.0.67.2
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.7% | 0.483 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.7 | 1.2 | 5.5 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L
|
CWE-279 Incorrect Execution-Assigned Permissions
While it is executing, the product sets the permissions of an object in a way that violates the intended permissions that have been specified by the user.
https://www.positronsecurity.com/blog/2020-08-13-gog-galaxy_client-local-privilege-escalation_deuce/
https://github.com/anvilsecure/gog-galaxy-app-research
https://github.com/anvilsecure/gog-galaxy-app-research/blob/main/advisories/CVE-2023-50914%20-%20LPE.md
https://support.gog.com/hc/en-us/categories/201553005-Downloads-Installing?product=gog