CVEs-PoC/2020/CVE-2020-5798.md

### [CVE-2020-5798](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5798)
![](https://img.shields.io/static/v1?label=Product&message=Druva%20inSync%20macOS%20Client%20Installers%20for%20v6.8.0%20and%20prior&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Privilege%20Escalation&color=brighgreen)

### Description

inSync Client installer for macOS versions v6.8.0 and prior could allow an attacker to gain privileges of a root user from a lower privileged user due to improper integrity checks and directory permissions.

### POC

#### Reference
- https://www.tenable.com/security/research/tra-2020-67
- https://www.tenable.com/security/research/tra-2020-67,https://docs.druva.com/001_inSync_Cloud/Cloud/010_Release_Details/010_inSync_Cloud_Updates

#### Github
No PoCs found on GitHub currently.