CVE-2024-12088

Published Jan 14, 2025

Last updated 9 days ago

CVSS medium 6.5

Firmware

Overview

Description: A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the desired directory.
Source: secalert@redhat.com
NVD status: Modified
Products: rsync, discovery, openshift_container_platform, enterprise_linux, enterprise_linux_eus, enterprise_linux_for_arm_64, enterprise_linux_for_arm_64_eus, enterprise_linux_for_ibm_z_systems, enterprise_linux_for_ibm_z_systems_eus, enterprise_linux_for_power_little_endian, enterprise_linux_for_power_little_endian_eus, enterprise_linux_server_aus, enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions, enterprise_linux_update_services_for_sap_solutions, arch_linux, linux, nixos, suse_linux, smartos, almalinux

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Severity: HIGH

Weaknesses

secalert@redhat.com: CWE-22
nvd@nist.gov: CWE-22

Hype score: Not currently trending

CVE-2024-12747,CVE-2024-12088,CVE-2024-12087,CVE-2024-12085,CVE-2024-12084 alert 🚨 RSYNC: Multiples vulnerabilities leading to Remote Code Execution The vulnerabilities have been integrated into Patrowl. Our customers assets are protected. 🦉 #CyberSecurity #InfoSec #rsync https
@Patrowl_io
22 Jan 2025
47 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:samba:rsync:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "477D69AB-8601-4994-9695-8DE48E1587A5",
            "versionEndIncluding": "3.3.0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:redhat:discovery:1.14:*:*:*:*:*:*:*",
            "matchCriteriaId": "60CA1773-D5FF-4CEA-817B-DD589551B3AE",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "932D137F-528B-4526-9A89-CD59FA1AB0FE",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:9.6:*:*:*:*:*:*:*",
            "matchCriteriaId": "C4CF8D2F-DACA-49C2-A9F4-63496B0A9A80",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:*:*:*:*:*:*:*",
            "matchCriteriaId": "5A47EF78-A5B6-4B89-8B74-EEB0647C549F",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:*:*:*:*:*:*:*",
            "matchCriteriaId": "2F7DAD7C-9369-4A87-A1D0-4208D3AF0CDC",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.6_aarch64:*:*:*:*:*:*:*",
            "matchCriteriaId": "CA15BFFC-B8E8-4EE3-8E14-8C95DF6C99C4",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*",
            "matchCriteriaId": "32AF225E-94C0-4D07-900C-DD868C05F554",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*",
            "matchCriteriaId": "FB056B47-1F45-4CE4-81F6-872F66C24C29",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.6_s390x:*:*:*:*:*:*:*",
            "matchCriteriaId": "778ACA25-ED77-4EFC-A183-DE094C58B268",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*",
            "matchCriteriaId": "23D471AC-7DCA-4425-AD91-E5D928753A8C",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:*:*:*:*:*:*:*",
            "matchCriteriaId": "E07C1C58-0E5F-4B56-9B8D-5DE67DB00F79",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.6_ppc64le:*:*:*:*:*:*:*",
            "matchCriteriaId": "0516993E-CBD5-44F1-8684-7172C9ABFD0A",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:9.6:*:*:*:*:*:*:*",
            "matchCriteriaId": "0FDD919E-B7FE-4EC5-8D6B-EC9A4723D6E2",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.6_ppc64le:*:*:*:*:*:*:*",
            "matchCriteriaId": "41F1A2F3-BCEF-4A8C-BA2F-DF1FF13E6179",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:9.6:*:*:*:*:*:*:*",
            "matchCriteriaId": "554AA8CA-A930-4788-B052-497E09D48381",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:archlinux:arch_linux:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "4824AE2D-462B-477D-9206-3E2090A32146",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:gentoo:linux:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "92121D8A-529E-454A-BC8D-B6E0017E615D",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:nixos:nixos:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "213883D5-9E62-4496-82E3-D5377995C257",
            "versionEndExcluding": "24.11",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:novell:suse_linux:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "B627E2A9-DE93-43FB-BFB7-5B6F421554D5",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:tritondatacenter:smartos:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "8EBD774C-F48F-45EC-A5DD-B1E56E54EF71",
            "versionEndExcluding": "20250123",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:almalinux:almalinux:8.0:-:*:*:*:*:*:*",
            "matchCriteriaId": "F34AA7F4-6ECE-4FA5-A310-3509648BD7C7",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:almalinux:almalinux:9.0:-:*:*:*:*:*:*",
            "matchCriteriaId": "57B93E9A-1483-4FF7-BF45-BD0D7D9F1747",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:almalinux:almalinux:10.0:-:*:*:*:*:*:*",
            "matchCriteriaId": "66FD02F3-C1C2-4E1D-98C1-8889004437D4",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

Related CVEs

References