6.8

CVE-2024-12086

Exploit

Rsync: rsync server leaks arbitrary client files

A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare with in order to determine what data needs to be sent to the server. By sending specially constructed checksum values for arbitrary files, an attacker may be able to reconstruct the data of those files byte-by-byte based on the responses from the client.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SambaRsync Version <= 3.3.0
RedhatEnterprise Linux Version6.0
RedhatEnterprise Linux Version7.0
RedhatEnterprise Linux Version8.0
RedhatEnterprise Linux Version9.0
RedhatEnterprise Linux Version10.0
AlmalinuxAlmalinux Version8.0 Update-
AlmalinuxAlmalinux Version9.0 Update-
AlmalinuxAlmalinux Version10.0 Update-
ArchlinuxArch Linux Version-
GentooLinux Version-
NixosNixos Version < 24.11
SuseSuse Linux Version-
TritondatacenterSmartos Version < 20250123
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.76% 0.751
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 2.2 4
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
secalert@redhat.com 6.1 1.6 4
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
CWE-390 Detection of Error Condition Without Action

The product detects a specific error, but takes no actions to handle the error.

https://kb.cert.org/vuls/id/952657
Third Party Advisory
https://github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-mvqj
Third Party Advisory
Exploit
https://access.redhat.com/security/cve/CVE-2024-12086
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2330577
Third Party Advisory
Issue Tracking
https://access.redhat.com/errata/RHBA-2025:6470
https://security.netapp.com/advisory/ntap-20250131-0002/
https://lists.debian.org/debian-lts-announce/2025/01/msg00008.html
https://www.kb.cert.org/vuls/id/952657
https://access.redhat.com/errata/RHSA-2026:19368
https://access.redhat.com/errata/RHSA-2026:20603
https://access.redhat.com/errata/RHSA-2026:29197