CVE-2020-12242 – Source Engine CS:GO BuildID: 4937372 - Arbitrary Code Execution

https://notcve.org/view.php?id=CVE-2020-12242

27 Apr 2020 — Valve Source allows local users to gain privileges by writing to the /tmp/hl2_relaunch file, which is later executed in the context of a different user account. Valve Source, permite a usuarios locales alcanzar privilegios al escribir en el archivo /tmp/hl2_relaunch, que posteriormente es ejecutado en el contexto de una cuenta de usuario diferente. • https://www.exploit-db.com/exploits/48387 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •