6.8

CVE-2024-12086

Exploit

EPSS 0.47%
Veröffentlicht 14.01.2025 18:15:25
Zuletzt bearbeitet 03.11.2025 22:16:39
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare with in order to determine what data needs to be sent to the server. By sending specially constructed checksum values for arbitrary files, an attacker may be able to reconstruct the data of those files byte-by-byte based on the responses from the client.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 10

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Samba ≫ Rsync Version <= 3.3.0

Redhat ≫ Openshift Container Platform Version4.0

Redhat ≫ Enterprise Linux Version6.0

Redhat ≫ Enterprise Linux Version7.0

Redhat ≫ Enterprise Linux Version8.0

Redhat ≫ Enterprise Linux Version9.0

Redhat ≫ Enterprise Linux Version10.0

Almalinux ≫ Almalinux Version8.0 Update-

Almalinux ≫ Almalinux Version9.0 Update-

Almalinux ≫ Almalinux Version10.0 Update-

Archlinux ≫ Arch Linux Version-

Gentoo ≫ Linux Version-

Nixos ≫ Nixos Version < 24.11

Suse ≫ Suse Linux Version-

Tritondatacenter ≫ Smartos Version < 20250123

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.47%	0.639

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.8	2.2	4	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
secalert@redhat.com	6.1	1.6	4	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N

CWE-390 Detection of Error Condition Without Action

The product detects a specific error, but takes no actions to handle the error.

https://kb.cert.org/vuls/id/952657

Third Party Advisory

https://github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-mvqj

Third Party Advisory

Exploit

https://access.redhat.com/security/cve/CVE-2024-12086

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2330577

Third Party Advisory

Issue Tracking

https://security.netapp.com/advisory/ntap-20250131-0002/

https://lists.debian.org/debian-lts-announce/2025/01/msg00008.html

https://www.kb.cert.org/vuls/id/952657

https://nvd.nist.gov/vuln/detail/CVE-2024-12086

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-12086

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-12086

EUVD