Epic Games Psyonix Rocket League <=1.95 Insecure Permissions
Advisory ID: ZSL-2021-5650
Type: Local
Impact: Privilege Escalation
Risk: (3/5)
Release Date: 30.04.2021
Summary
Rocket League is a high-powered hybrid of arcade-style soccer and vehicular mayhem with easy-to-understand controls and fluid, physics-driven competition.
Description
The application suffers from an elevation of privileges vulnerability which a simple authenticated user can use to replace the executable file with a binary of choice. The vulnerability exists due to improper permissions, with the 'F' (Full) flag set for the 'Authenticated Users' group.
Vendor
Epic Games Inc. - https://www.epicgames.com | https://www.rocketleague.com
Psyonix, LLC - https://www.psyonix.com
Affected Version
<=1.95
Tested On
Microsoft Windows 10
Vendor Status
[20.04.2021] Vulnerability discovered.
[26.04.2021] Vendor contacted.
[30.04.2021] HackerOne states not valid.
[30.04.2021] Public security advisory released.
PoC
rocketleague_perms.txt
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References
[1] https://packetstormsecurity.com/files/162435
[2] https://exchange.xforce.ibmcloud.com/vulnerabilities/201128
Changelog
[30.04.2021] - Initial release
[04.05.2021] - Added reference [1] and [2]
Contact
Zero Science Lab
Web: https://www.zeroscience.mk
e-mail: lab@zeroscience.mk
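Audit example
To audit for the permission weakness in the Description, the following added example (not part of the advisory or its PoC file) parses `icacls` output and reports allow-entries that give a broad group such as 'Authenticated Users' write-capable rights like 'F'. The path and the sample output are constructed, and the `(DENY)` marker handling assumes the usual icacls layout.

```python
import re

# Groups that every ordinary local user is a member of.
BROAD = {"everyone", "builtin\\users", "nt authority\\interactive",
         "nt authority\\authenticated users"}
# icacls inheritance markers: they describe propagation, not granted rights.
INHERIT = {"I", "OI", "CI", "IO", "NP"}
# icacls right codes that allow replacing the file or rewriting its ACL/owner.
WRITE = {"F", "M", "W", "WD", "AD", "WDAC", "WO", "GA", "GW"}
ACE = re.compile(r"^(?P<who>[^:]+):(?P<flags>(?:\([^)]*\))+)$")

def parse_icacls(path, text):
    """Return [(principal, rights, is_deny)] parsed from `icacls <path>` output."""
    aces = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith(path.lower()):  # first ACE follows the path
            line = line[len(path):].strip()
        m = ACE.match(line)
        if not m:  # blank lines and the "Successfully processed" footer
            continue
        rights, deny = set(), False
        for group in re.findall(r"\(([^)]*)\)", m["flags"]):
            tokens = {t.strip().upper() for t in group.split(",")}
            if tokens == {"DENY"}:
                deny = True
            elif not tokens <= INHERIT:
                rights |= tokens
        aces.append((m["who"].strip(), rights, deny))
    return aces

def risky_aces(path, text):
    """Allow-ACEs that give a broad group write-capable access to the file."""
    return [(who, sorted(rights & WRITE))
            for who, rights, deny in parse_icacls(path, text)
            if not deny and who.lower() in BROAD and rights & WRITE]

# Constructed sample: hypothetical path, ACL shaped like the one described above.
SAMPLE_PATH = r"C:\Games\Example\Game.exe"
SAMPLE = r"""C:\Games\Example\Game.exe NT AUTHORITY\Authenticated Users:(F)
                          BUILTIN\Administrators:(I)(F)
                          NT AUTHORITY\SYSTEM:(I)(F)
                          BUILTIN\Users:(I)(RX)

Successfully processed 1 files; Failed processing 0 files
"""

if __name__ == "__main__":
    for who, rights in risky_aces(SAMPLE_PATH, SAMPLE):
        print(f"{SAMPLE_PATH}: {who} holds {','.join(rights)}")
```

An empty result for an installed executable means no broad group holds write-capable rights on it; the containing directory's ACL should be checked the same way.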