Vulners
Lucene search
Epic Games Psyonix Rocket League <=1.95 Insecure Permissions
| Reporter | Title | Published | Views | Family All 8 |
|---|---|---|---|---|
 | CVE-2021-47742 | 31 Dec 202522:07 | – | circl |
 | Epic Games Psyonix Rocket League 安全漏洞 | 31 Dec 202500:00 | – | cnnvd |
 | CVE-2021-47742 | 31 Dec 202518:39 | – | cve |
 | CVE-2021-47742 Epic Games Psyonix Rocket League <=1.95 Elevation of Privileges via Insecure Permissions | 31 Dec 202518:39 | – | cvelist |
 | EUVD-2025-206082 | 31 Dec 202521:30 | – | euvd |
 | CVE-2021-47742 | 31 Dec 202519:15 | – | nvd |
 | PT-2025-54423 | 31 Dec 202500:00 | – | ptsecurity |
 | CVE-2021-47742 Epic Games Psyonix Rocket League <=1.95 Elevation of Privileges via Insecure Permissions | 31 Dec 202518:39 | – | vulnrichment |
<html><body><p>Epic Games Psyonix Rocket League <=1.95 Insecure Permissions
Vendor: Epic Games Inc. | Psyonix, LLC
Product web page: https://www.epicgames.com
https://www.psyonix.com
https://www.rocketleague.com
Affected version: <=1.95
Summary: Rocket League is a high-powered hybrid of arcade-style soccer
and vehicular mayhem with easy-to-understand controls and fluid, physics-driven
competition.
Desc: The application suffers from an elevation of privileges vulnerability
which can be used by a simple authenticated user that can change the executable
file with a binary of choice. The vulnerability exist due to the improper
permissions, with the 'F' flag (Full) for 'Authenticated Users' group.
Tested on: Microsoft Windows 10
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience
Advisory ID: ZSL-2021-5650
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5650.php
20.04.2021
--
E:\Epic Games\rocketleague\Binaries\Win64>cacls RocketLeague.exe
E:\Epic Games\rocketleague\Binaries\Win64\RocketLeague.exe BUILTIN\Administrators:F
NT AUTHORITY\SYSTEM:F
NT AUTHORITY\Authenticated Users:C
BUILTIN\Users:R
E:\Epic Games\rocketleague>cacls Binaries
E:\Epic Games\rocketleague\Binaries BUILTIN\Administrators:F
BUILTIN\Administrators:(OI)(CI)(IO)F
NT AUTHORITY\SYSTEM:F
NT AUTHORITY\SYSTEM:(OI)(CI)(IO)F
NT AUTHORITY\Authenticated Users:C
NT AUTHORITY\Authenticated Users:(OI)(CI)(IO)C
BUILTIN\Users:R
BUILTIN\Users:(OI)(CI)(IO)(special access:)
GENERIC_READ
GENERIC_EXECUTE
E:\Epic Games\rocketleague>cacls TAGame
E:\Epic Games\rocketleague\TAGame BUILTIN\Administrators:F
BUILTIN\Administrators:(OI)(CI)(IO)F
NT AUTHORITY\SYSTEM:F
NT AUTHORITY\SYSTEM:(OI)(CI)(IO)F
NT AUTHORITY\Authenticated Users:C
NT AUTHORITY\Authenticated Users:(OI)(CI)(IO)C
BUILTIN\Users:R
BUILTIN\Users:(OI)(CI)(IO)(special access:)
GENERIC_READ
GENERIC_EXECUTE
</p></body></html>Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
30 Apr 2021 00:00Current
5.8Medium risk
Vulners AI Score5.8
CVSS 48.5
CVSS 3.18.8
EPSS0.00043
SSVC