Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2024-12088

Опубликовано: 14 янв. 2025
Источник: nvd
CVSS3: 6.5
CVSS3: 7.5
EPSS Низкий

Описание

A flaw was found in rsync. When using the --safe-links option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the desired directory.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:samba:rsync:*:*:*:*:*:*:*:*
Версия до 3.3.0 (включая)
Конфигурация 2

Одно из

cpe:2.3:a:redhat:discovery:1.14:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:9.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.6_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.6_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.6_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.6_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.6:*:*:*:*:*:*:*
Конфигурация 3
cpe:2.3:o:archlinux:arch_linux:-:*:*:*:*:*:*:*
Конфигурация 4
cpe:2.3:o:gentoo:linux:-:*:*:*:*:*:*:*
Конфигурация 5
cpe:2.3:o:nixos:nixos:*:*:*:*:*:*:*:*
Версия до 24.11 (исключая)
Конфигурация 6
cpe:2.3:o:novell:suse_linux:-:*:*:*:*:*:*:*
Конфигурация 7
cpe:2.3:o:tritondatacenter:smartos:*:*:*:*:*:*:*:*
Версия до 20250123 (исключая)
Конфигурация 8

Одно из

cpe:2.3:o:almalinux:almalinux:8.0:-:*:*:*:*:*:*
cpe:2.3:o:almalinux:almalinux:9.0:-:*:*:*:*:*:*
cpe:2.3:o:almalinux:almalinux:10.0:-:*:*:*:*:*:*

EPSS

Процентиль: 66%
0.0052
Низкий

6.5 Medium

CVSS3

7.5 High

CVSS3

Дефекты

CWE-35
CWE-22

Связанные уязвимости

ubuntu логотип

CVE-2024-12088

CVSS3: 6.5
ubuntu
7 месяцев назад

A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the desired directory.

redhat логотип

CVE-2024-12088

CVSS3: 6.5
redhat
7 месяцев назад

A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the desired directory.

msrc логотип

CVE-2024-12088

CVSS3: 7.5
msrc
7 месяцев назад

Описание отсутствует

debian логотип

CVE-2024-12088

CVSS3: 6.5
debian
7 месяцев назад

A flaw was found in rsync. When using the `--safe-links` option, the r ...

suse-cvrf логотип

SUSE-SU-2025:1330-1

suse-cvrf
4 месяца назад

Security update for rsync

EPSS

Процентиль: 66%
0.0052
Низкий

6.5 Medium

CVSS3

7.5 High

CVSS3

Дефекты

CWE-35
CWE-22