CVE-2023-50915 - Vulnerability Details - OpenCVE

An issue exists in GalaxyClientService.exe in GOG Galaxy (Beta) 2.0.67.2 through 2.0.71.2 that could allow authenticated users to overwrite and corrupt critical system files via a combination of an NTFS Junction and an RPC Object Manager symbolic link and could result in a denial of service.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact partial

Vendors	Products
Gog	Galaxy

No data.

No data.

References

Link	Providers
https://github.com/anvilsecure/gog-galaxy-app-research
https://github.com/anvilsecure/gog-galaxy-app-research/blob/main/advisories/CVE-2023-50915%20-%20DoS.md
https://support.gog.com/hc/en-us/categories/201553005-Downloads-Installing?product=gog

History

Fri, 28 Mar 2025 20:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Gog Gog galaxy
Weaknesses		CWE-288
CPEs		cpe:2.3:a:gog:galaxy:-:::::::*
Vendors & Products		Gog Gog galaxy
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-04-30T00:00:00.000Z

Updated: 2025-03-28T19:28:13.541Z

Reserved: 2023-12-15T00:00:00.000Z

Link: CVE-2023-50915

Vulnrichment

Updated: 2024-08-02T22:23:44.085Z

NVD

Status : Awaiting Analysis

Published: 2024-04-30T14:15:10.887

Modified: 2025-03-28T20:15:19.030

Link: CVE-2023-50915

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-50915", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-03-28T19:28:13.541Z", "dateReserved": "2023-12-15T00:00:00.000Z", "datePublished": "2024-04-30T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-04-30T13:38:18.537Z"}, "descriptions": [{"lang": "en", "value": "An issue exists in GalaxyClientService.exe in GOG Galaxy (Beta) 2.0.67.2 through 2.0.71.2 that could allow authenticated users to overwrite and corrupt critical system files via a combination of an NTFS Junction and an RPC Object Manager symbolic link and could result in a denial of service."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://support.gog.com/hc/en-us/categories/201553005-Downloads-Installing?product=gog"}, {"url": "https://github.com/anvilsecure/gog-galaxy-app-research"}, {"url": "https://github.com/anvilsecure/gog-galaxy-app-research/blob/main/advisories/CVE-2023-50915%20-%20DoS.md"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-288", "lang": "en", "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel"}]}], "affected": [{"vendor": "gog", "product": "galaxy", "cpes": ["cpe:2.3:a:gog:galaxy:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "2.0.67.2", "status": "affected", "lessThanOrEqual": "2.071.2", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-05-21T19:47:51.354905Z", "id": "CVE-2023-50915", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-28T19:28:13.541Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T22:23:44.085Z"}, "title": "CVE Program Container", "references": [{"url": "https://support.gog.com/hc/en-us/categories/201553005-Downloads-Installing?product=gog", "tags": ["x_transferred"]}, {"url": "https://github.com/anvilsecure/gog-galaxy-app-research", "tags": ["x_transferred"]}, {"url": "https://github.com/anvilsecure/gog-galaxy-app-research/blob/main/advisories/CVE-2023-50915%20-%20DoS.md", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://support.gog.com/hc/en-us/categories/201553005-Downloads-Installing?product=gog", "tags": ["x_transferred"]}, {"url": "https://github.com/anvilsecure/gog-galaxy-app-research", "tags": ["x_transferred"]}, {"url": "https://github.com/anvilsecure/gog-galaxy-app-research/blob/main/advisories/CVE-2023-50915%20-%20DoS.md", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T22:23:44.085Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-50915", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-21T19:47:51.354905Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:gog:galaxy:-:*:*:*:*:*:*:*"], "vendor": "gog", "product": "galaxy", "versions": [{"status": "affected", "version": "2.0.67.2", "versionType": "custom", "lessThanOrEqual": "2.071.2"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-288", "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-04-30T15:27:20.479Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://support.gog.com/hc/en-us/categories/201553005-Downloads-Installing?product=gog"}, {"url": "https://github.com/anvilsecure/gog-galaxy-app-research"}, {"url": "https://github.com/anvilsecure/gog-galaxy-app-research/blob/main/advisories/CVE-2023-50915%20-%20DoS.md"}], "descriptions": [{"lang": "en", "value": "An issue exists in GalaxyClientService.exe in GOG Galaxy (Beta) 2.0.67.2 through 2.0.71.2 that could allow authenticated users to overwrite and corrupt critical system files via a combination of an NTFS Junction and an RPC Object Manager symbolic link and could result in a denial of service."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-04-30T13:38:18.537Z"}}}, "cveMetadata": {"cveId": "CVE-2023-50915", "state": "PUBLISHED", "dateUpdated": "2025-03-28T19:28:13.541Z", "dateReserved": "2023-12-15T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-04-30T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An issue exists in GalaxyClientService.exe in GOG Galaxy (Beta) 2.0.67.2 through 2.0.71.2 that could allow authenticated users to overwrite and corrupt critical system files via a combination of an NTFS Junction and an RPC Object Manager symbolic link and could result in a denial of service."}, {"lang": "es", "value": "Existe un problema en GalaxyClientService.exe en GOG Galaxy (Beta) 2.0.67.2 a 2.0.71.2 que podr\u00eda permitir a los usuarios autenticados sobrescribir y da\u00f1ar archivos cr\u00edticos del sistema a trav\u00e9s de una combinaci\u00f3n de una uni\u00f3n NTFS y un enlace simb\u00f3lico del Administrador de objetos RPC y podr\u00eda resultar en una denegaci\u00f3n de servicio."}], "id": "CVE-2023-50915", "lastModified": "2025-03-28T20:15:19.030", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-04-30T14:15:10.887", "references": [{"source": "cve@mitre.org", "url": "https://github.com/anvilsecure/gog-galaxy-app-research"}, {"source": "cve@mitre.org", "url": "https://github.com/anvilsecure/gog-galaxy-app-research/blob/main/advisories/CVE-2023-50915%20-%20DoS.md"}, {"source": "cve@mitre.org", "url": "https://support.gog.com/hc/en-us/categories/201553005-Downloads-Installing?product=gog"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/anvilsecure/gog-galaxy-app-research"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/anvilsecure/gog-galaxy-app-research/blob/main/advisories/CVE-2023-50915%20-%20DoS.md"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://support.gog.com/hc/en-us/categories/201553005-Downloads-Installing?product=gog"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-288"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}